© The Institute of Chartered Accountants of India

© The Institute of Chartered Accountants of India

PAPER – 7: ENTERPRISE INFORMATION SYSTEMS AND STRATEGIC MANAGEMENT
SECTION – A: ENTERPRISE INFORMATION SYSTEMS
Question No. 1 is compulsory.
Answer any three questions from the rest.
Question 1
(a) Describe any three key functions of RBI. (3 Marks)
(b) How the inherent risks involved in BPA can be classified? Discuss any four. (2 Marks)
Answer
(a) The key functions of Reserve Bank of India (RBI) are as follows:
i. Monetary Authority: This function formulates, implements and monitors the
monetary policy with the objective of maintaining price stability and ensuring
adequate flow of credit to productive sectors.
ii. Regulator and supervisor of the financial system: It prescribes broad parameters
of banking operations within which the country’s banking and financial system
functions with the objective of maintaining public confidence in the system, protect
depositors’ interest and provide cost- effective banking services to the public.
iii. Issuer of currency: It deals with issuing and exchanging or destroying currency and
coins not it for circulation with the objective to give the public adequate quantity of
supplies of currency notes and coins and in good quality.
(b) The inherent risks involved in Business Process Automation (BPA) are classified as below:
• Input & Access: All input transaction data may not be accurate, complete and
authorized.
• File & Data Transmission: All files and data transmitted may not be processed
accurately and completely, due to network error.
• Processing: Valid input data may not have been processed accurately and
completely due to program error or bugs.
• Output: IT may not be complete and accurate due to program error or bugs and is
distributed to unauthorized personnel due to weak access control.
• Data: Master data and transaction data may be changed by unauthorized personnel
due to weak access control.
• Infrastructure: All data and programs could be lost if there is no proper backup in
the event of a disaster and the business could come to a standstill.

44 INTERMEDIATE (NEW) EXAMINATION: NOVEMBER, 2019
Question 2
(a) Business Processes are documented/designed using flow-charts to understand the
process in visualized form. Being a business advisor, what advantages of flow-charts will
you suggest to represent the business processes in diagrammatic form? (6 Marks)
(b) Explain any four examples of Segregation of Duties (SoD) controls. (4 Marks)
Answer
(a) The advantages of Flowcharts to represent the business process in diagrammatic form are
as follows:
i. Quicker grasp of relationships: The relationship between various elements of the
application program/business process must be identified. Flowchart can help depict
a lengthy procedure more easily than by describing it by means of written notes.
ii. Effective Analysis: The flowchart becomes a blueprint of a system that can be
broken down into detailed parts for study. Problems may be identified, and new
approaches may be suggested by flowcharts.
iii. Communication: Flowcharts aid in communicating the facts of a business problem
to those whose skills are needed for arriving at the solution.
iv. Documentation: Flowcharts serve as a good documentation which aid greatly in
future program conversions. In the event of staff changes, they serve as training
function by helping new employees in understanding the existing programs.
v. Efficient coding: Flowcharts act as a guide during the system analysis and program
preparation phase. Instructions coded in a programming language may be checked
against the flowchart to ensure that no steps are omitted.
vi. Program Debugging: Flowcharts serve as an important tool during program
debugging by detecting, locating and removing mistakes.
vii. Efficient program maintenance: The maintenance of operating programs is
facilitated by flowcharts that help the programmer to concentrate attention on that
part of the information flow which is to be modified.
viii. Identifying Responsibilities: Specific business processes can be clearly identified
to functional departments thereby establishing responsibility of the process owner.
ix. Establishing Controls: Business process conflicts and risks can be easily identified
for recommending suitable controls.
(b) The examples of Segregation of Duties (SoD) Controls are as below:
i. Transaction Authorization: Information systems can be programmed or configured
to require two (or more) persons to approve certain transactions. This is seen in retail
establishments where a manager is required to approve a large transaction or a

PAPER – 7: ENTERPRISE INFORMATION SYSTEMS & STRATEGIC MANAGEMENT 45
refund. In IT applications, transactions meeting certain criteria may require a

manager’s approval to be able to proceed.
ii. Split custody of high-value assets: Assets of high importance or value can be
protected using various means of split custody. For example, a password to an
encryption key that protects a high-valued asset can be split in two halves, one half
assigned to two persons, and the other half assigned to two persons, so that no single
individual knows the entire password. Banks do this for central vaults, where a vault
combination is split into two or more pieces so that two or more are required to open
it.
iii. Workflow: Applications that are workflow-enabled can use a second (or third) level
of approval before certain high-value or high-sensitivity activities can take place. For
example, a workflow application that is used to provision user accounts can include
extra management approval steps in requests for administrative privileges .
iv. Periodic reviews: IT or internal audit personnel can periodically review user access
rights to identify whether any segregation of duties issues exist. The access privileges
for each worker can be compared against a segregation of duties control matrix.
When SoD issues are encountered during segregation of duties review, management
will need to decide how to mitigate the matter.
Question 3
(a) An internet connection exposes an organization to the harmful elements of the outside
world. As a network administrator, which Network Access controls will you implement in
the organization to protect from such harmful elements? (6 Marks)
(b) Every business decision is accompanied with a set of threats and so is BYOD program.
Explain briefly the areas in which the risks associated with BYOD program can be
classified. (4 Marks)
Answer
(a) The protection of an organization from harmful elements can be achieved through the
following Network Access Controls:
i. Policy on use of network services: An enterprise wide policy applicable to internet
service requirements aligned with the business need for using the Internet services
is the first step. Selection of appropriate services and approval to access them should
be part of this policy.
ii. Enforced path: Based on risk assessment, it is necessary to specify the exact path
or route connecting the networks; e.g. internet access by employees will be routed
through a firewall and proxy.
iii. Segregation of networks: Based on the sensitive information handling function; say
a Virtual Private Network (VPN) connection between a branch office and the head -
office, this network is to be isolated from the internet usage service.

iv. Network connection and routing control: The traffic between networks should be
restricted, based on identification of source and authentication access policies
implemented across the enterprise network facility.
v. Security of network services: The techniques of authentication and authorization
policy should be implemented across the organization’s network.
vi. Firewall: A Firewall is a system that enforces access control between two networks.
To accomplish this, all traffic between the external network and the organization’s
Intranet must pass through the firewall that will allow only authorized traffic between
the organization and the outside to pass through it. The firewall must be immune to
penetrate from both outside and inside the organization.
vii. Encryption: Encryption is the conversion of data into a secret code for storage in
databases and transmission over networks. The sender uses an encryption algorithm
with a key to convert the original message called the Clear text into Cipher text. This
is decrypted at the receiving end.
viii. Call Back Devices: It is based on the principle that the key to network security is to
keep the intruder off the Intranet rather than imposing security measure after the
criminal has connected to the intranet. The call- back device requires the user to enter
a password and then the system breaks the connection. If the caller is authorized,
the call back device dials the caller’s number to establish a new connection. This limit
access only from authorized terminals or telephone numbers and prevents an intruder
masquerading as a legitimate user. This also helps to avoid the call forwarding and
man-in-the middle attack.
(b) The risks associated with Bring Your Own Device (BYOD) program are classified as below:
i. Network Risks: It is normally exemplified and hidden in ‘Lack of Device Visibility’.
When company-owned devices are used by all employees within an organization, the
organization’s IT practice has complete visibility of the devices connected to the
network. This helps to analyze traffic and data exchanged over the Internet. As BYOD
permits employees to carry their own devices (smart phones, laptops for business
use), the IT practice team is unaware about the number of devices being connected
to the network. As network visibility is of high importance, this lack of visibility can be
hazardous.
ii. Device Risks: It is normally exemplified and hidden in ‘Loss of Devices’. A lost or
stolen device can result in an enormous financial and reputational embarrassment to
an organization as the device may hold sensitive corporate information. Data lost from
stolen or lost devices ranks as the top security threats as per the rankings released
by Cloud Security Alliance. With easy access to company emails as well as corporate
intranet, company trade secrets can be easily retrieved from a misplaced device.

iii. Application Risks: It is normally exemplified and hidden in ‘Application Viruses and
Malware’. A related report revealed that most employees’ phones and sma rt devices
that were connected to the corporate network weren’t protected by security software.
With an increase in mobile usage, mobile vulnerabilities have increased concurrently.
Organizations are not clear in deciding that ‘who is responsible for devic e security –
the organization or the user’.
iv. Implementation Risks: It is normally exemplified and hidden in ‘Weak BYOD Policy’.
The effective implementation of the BYOD program should not only cover the
technical issues mentioned above but also mandate the development of a robust
implementation policy. Because corporate knowledge and data are key assets of an
organization, the absence of a strong BYOD policy would fail to communicate
employee expectations, thereby increasing the chances of device misuse.
Question 4
(a) Central database is the main feature of an ERP system. As the complete data is stored at
one place, ensuring safety of data and minimizing risk of loss of data is a big challenge.
As an IT expert, discuss the risks associated with various aspects of ERP. (6 Marks)
(b) Explain the concept of E-Commerce briefly. How can you protect your E-Commerce
business from intrusion? (4 Marks)
Answer
(a) The Risks associated with various aspect of Enterprise Resource Planning (ERP) are given
below:
i. Data Access: Data is stored centrally, and all the departments access the central
data. This creates a possibility of access to non-relevant data.
ii. Data Safety: As there is only one set of data, if this data is lost, whole business may
come to stand still. For the physical safety of data, risk of total or partial loss of data
are considered. Whereas for the electronic safety of data; risk of changes in data, risk
of partial/complete deletion of data, risk of leakage of information and risk of incorrect
input of data are considered.
iii. Speed of Operation: As data is maintained centrally, gradually the data size
becomes more and more and it may reduce the speed of operation.
iv. Change in process: As the overall system is integrated, a small change in process
for one department may require lot of efforts and money.
v. Staff Turnover: As the overall system is integrated and connected with each other
department, it becomes complicated and difficult to understand. In case of staff
turnover, it becomes increasingly difficult to maintain the system.

vi. System Failure: As everybody is connected to a single system and central database,
in case of failure of system, the whole business may come to stand still and may get
affected badly.
(b) Definition of E-commerce are as follows:
E-Commerce can be defined as “Sale/Purchase of goods/services through electronic
mode.” This could include the use of technology in the form of Computers, Desktops,
Mobile Applications, etc. In other words, E-Commerce is the process of doing business
electronically. It refers to the use of technology to enhance the processing of commercial
transactions between a company, its customers and its business partners. It involves the
automation of a variety of Business-To-Business (B2B) and Business-To-Consumer (B2C)
transactions through reliable and secure connections.
E-Commerce business can be protected from intrusion using following methods:
i. Viruses: Check your website daily for viruses, the presence of which can result in the
loss of valuable data.
ii. Hackers: Use software packages to carry out regular assessments of how vulnerable
your website is to hackers.
iii. Passwords: Ensure employees change these regularly and that passwords set by
former employees of your organization are defunct.
iv. Regular software updates: The site should always be up to date with the newest
versions of security software. If it is not done, the website will become vulnerable to
attack.
v. Sensitive data: This involves considering the encryption of financial information and
other confidential data (using encryption software). Hackers or third parties will not
be able to access encrypted data without a key. This is particularly relevant for any
e-Commerce sites that use a shopping cart system.
vi. Know the details of your payment service provider contract.
Question 5
(a) Banks face the challenge of addressing the threat of money laundering on multiple fronts
as banks can be used as primary means for transfer of money across geographies. In light
of the above statement, discuss the Money Laundering process and its different stages.
(6 Marks)
(b) (i) What do you understand by Regulatory Compliance? (2 Marks)
(ii) Write a brief description of three tier architecture of Application Software. (2 Marks)
OR
Explain briefly the concept of Role-Based-Access-Control (RBAC) in ERP System.

Answer
(a) Section 3 of Prevention of Money Laundering Act (PMLA), 2002 defines 'Money
Laundering’ as: ‘whosoever directly or indirectly attempts to indulge or knowingly assists
or knowingly is a party or is actually involved in any process or activity connected with the
proceeds of crime and projecting it as untainted property shall be guilty of the o ffence of
money-laundering”.
In other words, Money laundering may be defined as the process by which the proceeds
of the crime and the true ownership of those proceeds are concealed or made opaque so
that the proceeds appear to come from a legitimate source. The objective in money
laundering is to conceal the existence, illegal source, or illegal application of income to
make it appear legitimate. Money laundering is commonly used by criminals to make ‘dirty’
money appear ‘clean’ or the profits of criminal activities are made to appear legitimate.
Stages of Money Laundering are as follows:
i. Placement: The first stage involves the Placement of proceeds derived from illegal
activities - the movement of proceeds frequently currency, from the scene of the crime
to a place, or into a form less suspicious and more convenient for the criminal.
ii. Layering: Layering involves the separation of proceeds from illegal source using
complex transactions designed to obscure the audit trail and hide the proceeds.
Layering involves sending the money through various financial transactions to change
its form and make it difficult to follow. Layering may consist of several banks to bank
transfers or wire transfers between different accounts in different names in different
countries making deposit and withdrawals to continually vary the amount of money in
the accounts changing the money’s currency purchasing high value items (boats,
houses cars, diamonds) to change the form of money, thus making it hard to trace.
iii. Integration: Integration involves conversion of illegal proceeds into apparently
legitimate business earnings through normal financial or commercial operations.
Integration creates the illusion of a legitimate source for criminally derived funds and
involves techniques as numerous and creative as those used by legitimate
businesses.
(b) (i) Regulatory Compliance describes the goal that organizations aspire to achieve in
their efforts to ensure that they are aware of and take steps to comply with relevant
laws, policies, and regulations. This approach is used to ensure that all necessary
governance requirements can be met without the unnecessary duplication of effort
and activity from resources.
In other words, Regulatory Compliance is an organization’s adherence to laws,
regulations, guidelines and specifications relevant to its business. Violations of

regulatory compliance regulations often result in legal punishment, including interest,

penalty and prosecution in some cases.
The compliance and regulatory requirements can be classified in two types as under.
o General – Applicable to all irrespective of anything.
o Specific – Applicable to specific type of businesses only.
(ii) The layers of Three Tier Architecture of Application Software are as below:
▪ The Application Layer receives the inputs from the users and performs certain
validations like, if the user is authorized to request the transaction.
▪ The Operating System Layer then carries these instructions and processes
them using the data stored in the database and returns the results to the
application layer.
▪ The Database Layer stores the data in a certain form. For a transaction to be
completed, all the three layers need to be invoked. Most application software is
built on this model these days.
OR
(ii) Role-Based Access Control (RBAC) is an approach to restricting system access to
authorized users. It is used by most enterprises and can implement mandatory access
control or discretionary access control.
▪ RBAC is a policy neutral access control mechanism defined around roles and
privileges that lets employees having access rights only to the information they
need to do their jobs and prevent them from accessing information that doesn't
pertain to them.
▪ RBAC can be used to facilitate administration of security in large organizations
with hundreds of users and thousands of permissions.
▪ The components of RBAC such as role-permissions, user-role and role-role
relationships make it simple to perform user assignments.
▪ Roles for staff are defined in organization and permission to access a specific
system or perform certain operation is defined as per the role assigned.

SECTION –B: STRATEGIC MANAGEMENT
Question No. 6 is compulsory
Answer any three questions from the rest.
Question 6
An XYZ Company is facing continuous losses. There is decline in sales and product market
share. The products of the company became uncompetitive and there is persistent negative
cash flow. The physical facilities are deteriorating and employees have low morale. At the
board meeting, the board members decided that they should continue the organization and
adopt such measures that the company functions properly. The board has decided to hire
young executive Shayamli for improving the functions of the organization. What corporate
strategy should Shayamli adopt for this company and what steps to be taken to implement
the corporate strategy adopted by Shayamli? (5 Marks)
Answer
XYZ Company is facing continuous losses, decline in sales and product market share, persistent
negative cash flow, uncompetitive products, declining market share, deterioration in physical
facilities, low morale of employees. In such a scenario, Shayamli may choose turnaround
strategy as this strategy attempts to reverse the process of decline and bring improvement in
organizational health. This is also important as Board has decided to continue the company and
adopt measures for its proper functioning.
For success, Shayamli needs to focus on the short and long-term financing needs as well as on
strategic issues. During the turnaround, the “product mix” may be changed, requiring the
organization to do some repositioning. A workable action plan for turnaround would involve:
Stage One – Assessment of current problems: In the first step, assess the current problems
and get to the root causes and the extent of damage.
Stage Two – Analyze the situation and develop a strategic plan: Identify major problems
and opportunities, develop a strategic plan with specific goals and detailed functional actions.
Stage Three – Implementing an emergency action plan: If the organization is in a critical
stage, an appropriate action plan must be developed to stop the bleeding and enable the
organization to survive.
Stage Four – Restructuring the business: If the core business is irreparably damaged, then
the outlook for the entire organization may be bleak. Efforts to be made to position the
organization for rapid improvement.
Stage Five – Returning to normal: In the final stage of turnaround strategy process, the
organization should begin to show signs of profitability, return on investments and enhancing
economic value-added.

Question 7
(a) "Strategic Management concepts are useful for educational institutions." Explain with
reasons. (5 Marks)
(b) "Industry and competitive analysis begins with an overview of the industry's dominant
economic features." Explain and also narrate the factors to be considered in profiling in
industry's economic features. (5 Marks)
Answer
(a) Education is considered to be a noble profession. An educational institution often functions
as a not-for-profit organization managed by trusts and societies. They include schools,
colleges and universities. Being inherently non-commercial in nature, educational
organisations do not have cut-throat competition as in case of their commercial
counterparts. However, as the number of institutions belonging to both public and private
sector are increasing, the competition is gradually rising. Key reasons for use of strategic
management techniques in educational institutes are as follows:
• Getting better name and recognition.
• Adopt different strategies for attracting best students.
• Appointing and retaining quality faculty for teaching.
• Deliver education to make graduates more employable.
• Nurturing responsible citizens.
(b) Industry is “a group of firms whose products have same and similar attributes such that
they compete for the same buyers.” Industries differ significantly in their basic character
and structure. Industry and competitive analysis begins with an overview of the industry’s
dominant economic features. The factors to be considered while profiling an industry’s
economic features are fairly standard and are given as under:
 Size and nature of market.
 Scope of competitive rivalry.
 Market growth rate and position in the business life.
 Number of rivals and their relative market share.
 The number of buyers and their relative sizes.
 The types of distribution channels used to access consumers.
 The pace of technological change in both production process innovation and new
product introductions.
 Whether the products and services of rival firms are highly differentiated, weakly
differentiated, or essentially identical?

 Whether organisation can realize economies of scale in purchasing, manufacturing,

transportation, marketing, or advertising.
 Whether key industry participants are clustered in a location.
 Whether certain industry activities are characterized by strong learning and
experience effects (“learning by doing”) such that unit costs decline as cumulative
output grows.
 Whether high rates of capacity utilization are crucial to achieve low-cost production
efficiency.
 Capital requirements and the ease of entry and exit.
 Whether industry profitability is above or below par?
Question 8
(a) Why an organisation should have a mission? What considerations are to be kept in mind
while writing a good mission statement of a company? (5 Marks)
(b) Explain the Strategic Alliance. Describe the advantages of Strategic Alliance. (5 Marks)
Answer
(a) Organization should have a mission on account of the following reasons:
 To ensure unanimity of purpose within the organization.
 To develop a basis, or standard, for allocating organizational resources.
 To provide a basis for motivating the use of the organization’s resources.
 To establish a general tone or organizational climate.
 To serve as a focal point for those who can identify with the organization’s purpose
and direction.
 To facilitate the translation of objective and goals into a work structure involving the
assignment of tasks to responsible elements within the organization.
 To specify organizational purposes and the translation of these purposes into goals
in such a way that cost, time, and performance parameters can be assessed and
controlled.
The following points must be considered while writing a good mission statement of a
company:
(i) To establish the special identity of the business - one that typically distinct it from
other similarly positioned companies.
(ii) Good mission statements should be unique to the organisation for which they are
developed.

(iii) Needs which business tries to satisfy, customer groups it wishes to target and the
technologies and competencies it uses and the activities it performs.
(b) A strategic alliance is a relationship between two or more businesses that enables each to
achieve certain strategic objectives which neither would be able to achieve on its own. The
strategic partners maintain their status as independent and separate entities, share the
benefits and control over the partnership, and continue to make contributions to the
alliance until it is terminated.
Advantages of Strategic Alliance
Strategic alliance usually is only formed if they provide an advantage to all the parties in
the alliance. These advantages can be broadly categorised as follows:
1. Organizational: Strategic alliance helps to learn necessary skills and obtain certain
capabilities from strategic partners. Strategic partners may also help to enhance
productive capacity, provide a distribution system, or extend supply chain. Strategic
partners may provide a good or service that complements thereby creating a synergy.
Having a strategic partner who is well-known and respected also helps add legitimacy
and creditability to a new venture.
2. Economic: There can be reduction in costs and risks by distributing them across the
members of the alliance. Greater economies of scale can be obtained in an alliance,
as production volume can increase, causing the cost per unit to decline. Finally,
partners can take advantage of co-specialization, creating additional value.
3. Strategic: Rivals can join together to cooperate instead of compete. Vertical
integration can be created where partners are part of supply chain. Strategic alliances
may also be useful to create a competitive advantage by the pooling of resources and
skills. This may also help with future business opportunities and the development of
new products and technologies. Strategic alliances may also be used to get access
to new technologies or to pursue joint research and development.
4. Political: Sometimes strategic alliances are formed with a local foreign business to
gain entry into a foreign market either because of local prejudices or legal barriers to
entry. Forming strategic alliances with politically-influential partners may also help
improve your own influence and position.
Question 9
(a) Discuss in what conditions rivalry among competitors tends to be cut-throat and profitability
of the industry goes down. (5 Marks)
(b) Discuss the various approaches for evaluating the worth of a business. (5 Marks)
Answer
(a) The intensity of rivalry in an industry is a significant determinant of industry attractiveness
and profitability. The intensity of rivalry can influence the costs of suppliers, distribution,
and of attracting customers and thus directly affect the profitability. The more intensive the

rivalry, the less attractive is the industry. Rivalry among competitors tends to be cutthroat
and industry profitability low when
(i) An industry has no clear leader.
(ii) Competitors in the industry are numerous.
(iii) Competitors operate with high fixed costs.
(iv) Competitors face high exit barriers.
(v) Competitors have little opportunity to differentiate their offerings.
(vi) The industry faces slow or diminished growth.
(b) Various approaches for determining a business’s worth can be grouped into three main
approaches:
(i) Net worth or stockholders’ equity: Net worth is the total assets minus total outside
liabilities of an organisation.
(ii) Future benefits to owners through net profits: These benefits are considered to
be much greater than the amount of profits. A conservative rule of thumb is to
establish a business’s worth as five times the firm’s current annual profit. A five -year
average profit level could also be used.
(iii) Market-determined business worth: This approach involves three methods. First,
the firm’s worth may be based on the selling price of a similar company. The second
approach is called the price-earnings ratio method whereby the market price of the
firm’s equity shares is divided by the annual earnings per share and multiplied by the
firm’s average net income for the preceding years. The third approach can be called
the outstanding shares method whereby one has to simply multiply the number of
shares outstanding by the market price per share and add a premium.
Question 10
(a) Distinguish between transformational leadership style and transactional leadership style.
(b) Explain concept and nature of BPR. (5 Marks)
OR
Write a short note on the concept of cost leadership strategy and how to achieve it?
(5 Marks)
Answer
(a) Difference between transformational and transactional leadership are as follows:
1. Transformational leadership style uses charisma and enthusiasm to inspire people to
exert them for the good of organization. Transactional leadership style uses the
authority of its office to exchange rewards such as pay, status symbols etc.

2. Transformational leadership style may be appropriate in turbulent environment, in

industries at the very start or end of their cycles, poorly performing organisations,
when there is a need to inspire a company to embrace major changes. Transactional
leadership style can be appropriate in static environment, in growing or mature
industries and in organisations that are performing well.
3. Transformational leaders inspire employees by offering excitement, vision,
intellectual stimulation and personal satisfaction. Transactional leaders prefer a more
formalized approach to motivation, setting clear goals with explicit rewards or
penalties for achievement and non-achievement. Transactional leaders focus mainly
to build on existing culture and enhance current practices.
(b) BPR stands for business process reengineering which means starting all over again from
scratch. It refers to the analysis and redesign of workflows and processes both within and
between the organisations. Its objective is to improve performance in terms of time, cost,
quality, and responsiveness to customers. It implies giving up old practices and adopting
the improved ones. It is an effective tool of realising new strategies.
Improving business processes is paramount for businesses to stay competitive in today’s
marketplace. New technologies are rapidly bringing new capabilities to businesses,
thereby raising the strategical options and the need to improve busines s processes
dramatically. Even the competition has become harder. In today’s market place, major
changes are required to just stay even.
OR
Cost leadership strategy requires vigorous pursuit of cost reduction in the areas of
procurement, production, storage and distribution of product or service and also economies
in overhead costs. Accordingly, the cost leader is able to charge a lower price for its
products than its competitors and still make satisfactory profits. The low cost leadership
should be such that no competitors are able to imitate so that it can result in sustainable
competitive advantage to the cost leader firm.
To achieve cost leadership, following are the actions that could be taken:
1. Forecast the demand of a product or service promptly.
2. Optimum utilization of the resources to get cost advantages.
3. Achieving economies of scale leads to lower per unit cost of product/servic e.
4. Standardisation of products for mass production to yield lower cost per unit.
5. Invest in cost saving technologies and try using advance technology for smart
working.
6. Resistance to differentiation till it becomes essential.

Answer any five questions from the rest.
Question 1
(a) Data Analytics is the process of examining data sets to draw conclusions about the
information they contain, increasingly with the aid of specialized systems and software,
List out any three application areas of Data Analytics in today's world. (3 Marks)
(b) Briefly explain any two types of Mortgage loan in a Banking system. (2 Marks)
Answer
(a) Application Areas of Application areas of Data Analytics are as follows:
• Data Analytics initiatives support a wide variety of business uses. For example, banks
and credit card companies analyse withdrawal and spending patterns to prevent fraud
and identity theft.
• E-commerce companies and marketing services providers do clickstream analysis to
identify website visitors who are more likely to buy a product or service based on
navigation and page-viewing patterns.
• Mobile network operators examine customer data to forecast so they can take steps to
prevent defections to business rivals; to boost customer relationship management
efforts. Other companies engage in CRM analytics to segment customers for marketing
campaigns and equip call centre workers with up-to-date information about callers.
• Healthcare organizations mine patient data to evaluate the effectiveness of treatments
for cancer and other diseases.
(b) Mortgage Loan in a Banking system are as follows:
• Home Loan: This is a traditional mortgage where customer has an option of selecting
fixed or variable rate of interest and is provided for the purchase of property.
• Top Up Loan: Here the customer already has an existing loan and is applying for
additional amount either for refurbishment or renovation of the house.
• Loans for Under Construction Property: In case of under construction properties
the loan is disbursed in tranches / parts as per construction plan.
Question 2
(a) Protecting the integrity of a database when application software acts as an interface to
interact between the user and the database are called update controls and report controls.
Discuss any three update controls and three report controls. (6 Marks)

(b) After defining risk appetite, strategies are set to manage risks. Explain any four risk
management strategies. (4 Marks)
Answer
(a) Major Update Controls under Database Controls are as follows:
• Sequence Check between Transaction and Master Files: Synchronization and the
correct sequence of processing between the master file and transaction file is critical
to maintain the integrity of updating, insertion or deletion of records in the master file
with respect to the transaction records. If errors, in this stage are overlooked, it leads
to corruption of the critical data.
• Ensure All Records on Files are processed: While processing, the transaction file
records mapped to the respective master file, and the end-of-file of the transaction
file with respect to the end-of-file of the master file is to be ensured.
• Process multiple transactions for a single record in the correct order: Multiple
transactions can occur based on a single master record (e.g. dispatch of a product to
different distribution centers). Here, the order in which transactions are processed
against the product master record must be done based on a sorted transaction codes.
• Maintain a suspense account: When mapping between the master record to
transaction record results in a mismatch due to failure in the corresponding record
entry in the master record; then these transactions are maintained in a suspense
account.
Major Report Controls under Database Controls are as follows:
• Standing Data: Application programs use many internal tables to perform various
functions like gross pay calculation, billing calculation based on a price table, bank
interest calculation etc. Maintaining integrity of the pay rate table, price table and
interest table is critical within an organization.
• Print-Run-to Run Control Totals: Run-to-Run control totals help in identifying errors
or irregularities like record dropped erroneously from a transaction file, wrong
sequence of updating or the application software processing errors.
• Print Suspense Account Entries: Similar to the update controls, the suspense
account entries are to be periodically monitors with the respective error file and action
taken on time.
• Existence/Recovery Controls: The back-up and recovery strategies together
encompass the controls required to restore failure in a database. Backup strategies
are implemented using prior version and logs of transactions or changes to the
database. Recovery strategies involve roll-forward (current state database from a
previous version) or the roll-back (previous state database from the current version)
methods.

(b) Various Risk Management Strategies are as follows:

• Tolerate/Accept the risk. One of the primary functions of management is managing
risk. Some risks may be considered minor because their impact and probability of
occurrence is low. In this case, consciously accepting the risk as a cost of doing
business is appropriate, as well as periodically reviewing the risk to ensure its impact
remains low.
• Terminate/Eliminate the risk. It is possible for a risk to be associated with the use
of a technology, supplier, or vendor. The risk can be eliminated by replacing the
technology with more robust products and by seeking more capable suppliers and
vendors.
• Transfer/Share the risk. Risk mitigation approaches can be shared with trading
partners and suppliers. A good example is outsourcing infrastructure management.
In such a case, the supplier mitigates the risks associated with managing the IT
infrastructure by being more capable and having access to more highly skilled staff
than the primary organization. Risk also may be mitigated by transferring the cost of
realized risk to an insurance provider.
• Treat/mitigate the risk. Where other options have been eliminated, suitable controls
must be devised and implemented to prevent the risk from manifesting itself or to
minimize its effects.
• Turn back. Where the probability or impact of the risk is very low, then management
may decide to ignore the risk.
Question 3
(a) Many organizations are implementing Enterprise Resource Planning (ERP) software,
where it integrates all of the processes needed to run their business with a single system.
As a System analyst briefly explain the benefits of ERP systems. (6 Marks)
(b) Define any four constraints which are usually taken from the characteristics of grid
environment and application in order to develop grid computing security architecture.
(4 Marks)
Answer
(a) Benefits of an Enterprise Resource Planning (ERP) System are as follows:
• Information integration: The reason ERP systems are called integrated is because
they possess the ability to automatically update data between related business
functions and components. For example - one needs to only update the status of an
order at one place in the order-processing system; and all the other components will
automatically get updated.

• Reduction of lead-time: The elapsed time between placing an order and receiving it
is known as the Lead-time. The ERP Systems by virtue of their integrated nature with
many modules like Finance, Manufacturing, Material Management Module etc.; the
use of the latest technologies like EFT (Electronic Fund Transfer), EDI (Electronic
Data Interchange) reduce the lead times and make it possible for the organizations
to have the items at the time they are required.
• On-time Shipment: Since the different functions involved in the timely delivery of the
finished goods to the customers- purchasing, material management production,
production planning, plant maintenance, sales and distribution – are integrated and
the procedures automated; the chances of errors are minimal and the production
efficiency is high. Thus, by integrating the various business functions and automating
the procedures and tasks the ERP system ensures on-time delivery of goods to the
customers.
• Reduction in Cycle Time: Cycle time is the time between placement of the order
and delivery of the product. In an ERP System; all the data, updated to the minute, is
available in the centralized database and all the procedures are automated, almost
all these activities are done without human intervention. This efficiency of the ERP
systems helps in reducing the cycle time.
• Improved Resource utilization: The efficient functioning of the different modules in
the ERP system like manufacturing, material management, plant maintenance, sales
and distribution ensures that the inventory is kept to a minimum level, the machine
down time is minimum and the goods are produced only as per the demand and the
finished goods are delivered to the customer in the most efficient way. Thus, the ERP
systems help the organization in drastically improving the capacity and resource
utilization.
• Better Customer Satisfaction: Customer satisfaction means meeting or exceeding
customer’s requirements for a product or service. With the help of web -enabled ERP
systems, customers can place the order, track the status of the order and make the
payment sitting at home. Since all the details of the product and the customer are
available to the person at the technical support department also, the company will be
able to better support the customer.
• Improved Supplier Performance: ERP systems provide vendor management and
procurement support tools designed to coordinate all aspects of the procurement
process. They support the organization in its efforts to effectively negotiate, monitor
and control procurement costs and schedules while assuring superior product quality.
The supplier management and control processes are comprised of features that will
help the organization in managing supplier relations, monitoring vendor activities and
managing supplier quality.

• Increased Flexibility: ERP Systems help the companies to remain flexible by making
the company information available across the departmental barriers and automating
most of the processes and procedures, thus enabling the company to react quickly to
the changing market conditions.
• Reduced Quality Costs: Quality is defined in many different ways- excellence,
conformance to specifications, fitness for use, value for the price and so on. The ERP
System’s central database eliminates redundant specifications and ensures that a
single change to standard procedures takes effect immediately throughout the
organization. The ERP systems also provide tools for implementing total quality
management programs within an organization.
• Better Analysis and Planning Capabilities: Another advantage provided by ERP
Systems is the boost to the planning functions. By enabling the comprehensive and
unified management of related business functions such as production, finance,
inventory management etc. and their data, it becomes possible to utilize fully many
types of Decision Support Systems (DSS) and simulation functions, what-if analysis
and so on; thus, enabling the decision-makers to make better and informed decisions.
• Improved information accuracy and decision-making capability: The three
fundamental characteristics of information are accuracy, relevancy and timeliness.
The information needs to be accurate, relevant for the decision-maker and available
to the decision-makers when he requires it. The strength of ERP Systems- integration
and automation – help in improving the information accuracy and help in better
decision-making.
• Use of Latest Technology: ERP packages are adapted to utilize the latest
developments in Information Technology such as open systems, client/server
technology, Cloud Computing, Mobile computing etc. It is this adaptation of ERP
packages to the latest changes in IT that makes the flexible adaptation to changes in
future development environments possible.
(b) To develop grid computing security architecture, following constraints are taken from the
characteristics of grid environment and application:
• Single Sign-on: A user should authenticate once and they should be able to acquire
resources, use them, and release them and to communicate internally without any
further authentication.
• Protection of Credentials: User passwords, private keys, etc. should be protected.
• Interoperability with local security solutions: Access to local resources should
have local security policy at a local level. Despite of modifying every local resource
there is an inter-domain security server for providing security to local resource.
• Exportability: The code should be exportable i.e. they cannot use a large amount of
encryption at a time. There should be a minimum communication at a time.

• Support for secure group communication: In a communication, there are number

of processes which coordinate their activities. This coordination must be secure and
for this there is no such security policy.
• Support for multiple implementations: There should be a security policy which
should provide security to multiple sources based on public and private key
cryptography.
Question 4
(a) Once the complete business of a bank is captured by technology and processes are
automated in Core Banking System (CBS), the data of the bank, customer, management
and staff are completely dependent on the Data Centre. From a risk assessment point of
view, it is critical to ensure that the bank can impart training to its staff in the core areas of
technology for efficient risk management. Explain any six common IT risks related to CBS.
(6 Marks)
(b) Public cloud is the cloud infrastructure that is provisioned for open use by the general
public. Explain any four characteristics of public cloud. (4 Marks)
Answer
(a) The common IT risks related to Core Banking Systems (CBS) are as follows:
• Ownership of Data/ process: Data resides at the Data Centre. Establish clear
ownership.
• Authorization process: Anybody with access to the CBS, including the customer
himself, can enter data directly. What is the authorization process? If the process is
not robust, it can lead to unauthorized access to the customer information.
• Authentication procedures: Usernames and Passwords, Personal Identification
Number (PIN), One Time Password (OTP) are some of the most commonly used
authentication methods. However, these may be inadequate and hence the user
entering the transaction may not be determinable or traceable.
• Several software interfaces across diverse networks: A Data Centre can have as
many as 75-100 different interfaces and application software. A data center must also
contain adequate infrastructure, such as power distribution and supplemental power
subsystems, including electrical switching; uninterruptable power supplies; backup
generators and so on. Lapse in any of these may lead to real-time data loss.
• Maintaining response time: Maintaining the interfacing software and ensuring
optimum response time and up time can be challenging.
• User Identity Management: This could be a serious issue. Some Banks may have
more than 5000 users interacting with the CBS at once.

• Access Controls: Designing and monitoring access control is an extremely

challenging task. Bank environments are subject to all types of attacks; thus, a strong
access control system is a crucial part of a bank’s overall security plan. Access
control, however, does vary between branch networks and head office locations.
• Incident handling procedures: Incident handling procedures are used to address
and manage the aftermath of a security breach or cyberattack. However, these at
times, may not be adequate considering the need for real-time risk management.
• Change Management: Though Change management reduces the risk that a new
system or other change will be rejected by the users; however, at the same time, it
requires changes at application level and data level of the database - Master files,
transaction files and reporting software.
(b) The characteristics of Public Cloud are as follows:
• Highly Scalable: The resources in the public cloud are large in number and the
service providers make sure that all requests are granted. Hence public clouds are
scalable.
• Affordable: The cloud is offered to the public on a pay-as-you-go basis; hence the
user has to pay only for what he or she is using on a per-hour basis. And this does
not involve any cost related to the deployment.
• Less Secure: Since it is offered by a third party and they have full control over the
cloud, the public cloud is less secure out of all the other deployment models.
• Highly Available: It is highly available because anybody from any part of the world
can access the public cloud with proper permission, and this is not possible in other
models as geographical or other access restrictions might be there.
• Stringent Service Level Agreements (SLAs): As the service provider’s business
reputation and customer strength are totally dependent on the cloud services, they
follow the SLAs strictly and violations are avoided.
Question 5
(a) Enterprise Risk Management (ERM) framework consists of integrated components that are
derived from the way management runs a business and are integrated with the
management process. Define any six components of ERM framework. (6 Marks)
(b) (i) Define any two information system controls based on objectives of controls.
(2 Marks)
(ii) Name any four activities executed by the Operating System. (2 Marks)
OR
Write short note on Cryptography.

Answer
(a) The components of Enterprise Resource Management (ERM) framework are as follows:
(i) Internal Environment: The internal environment encompasses the tone of an
organization and sets the basis for how risk is viewed and addressed by an entity’s
people, including risk management philosophy and risk appetite, integrity and ethical
values, and the environment in which they operate. Management sets a philosophy
regarding risk and establishes a risk appetite. The internal environment sets the
foundation for how risk and control are viewed and addressed by an entity’s people.
The core of any business is its people – their individual attributes, including integrity,
ethical values and competence – and the environment in which they operate. They
are the engine that drives the entity and the foundation on which everything rests.
(ii) Objective Setting: Objectives should be set before management can identify events
potentially affecting their achievement. ERM ensures that management has a process
in place to set objectives and that the chosen objectives support and align with the
entity’s mission/vision and are consistent with the entity’s risk appetite.
(iii) Event Identification: Potential events that might have an impact on the entity should
be identified. Event identification includes identifying factors – internal and external –
that influence how potential events may affect strategy implementation and
achievement of objectives. It includes distinguishing between potential events that
represent risks, those representing opportunities and those that may be both.
Opportunities are channelled back to management’s strategy or objective-setting
processes. Management identifies inter-relationships between potential events and
may categorize events to create and reinforce a common risk language across the
entity and form a basis for considering events from a portfolio perspective.
(iv) Risk Assessment: Identified risks are analyzed to form a basis for determining how
they should be managed. Risks are associated with related objectives that may be
affected. Risks are assessed on both an inherent and a residual basis, and the
assessment considers both risk likelihood and impact. A range of possible results
may be associated with a potential event, and management needs to consider them
together.
(v) Risk Response: Management selects an approach or set of actions to align assessed
risks with the entity’s risk tolerance and risk appetite, in the context of the strategy
and objectives. Personnel identify and evaluate possible responses to risks, including
avoiding, accepting, reducing and sharing risk.
(vi) Control Activities: Policies and procedures are established and executed to help
ensure that the risk responses that management selected, are effectively carried out.
(vii) Information and Communication: Relevant information is identified, captured and
communicated in a form and time frame that enable people to carry out their

responsibilities. Information is needed at all levels of an entity for identifying,

assessing and responding to risk. Effective communication also should occur in a
broader sense, flowing down, across and up the entity. Personnel need to re ceive
clear communications regarding their role and responsibilities.
(viii) Monitoring: The entire ERM process should be monitored, and modifications made
as necessary. In this way, the system can react dynamically, changing as conditions
warrant. Monitoring is accomplished through ongoing management activities,
separate evaluations of the ERM processes or a combination of the both.
(b) (i) The Information System controls based in their objective of controls are as follows:
• Preventive Controls: These controls prevent errors, omissions, or security
incidents from occurring. Examples include simple data-entry edits that block
alphabetic characters from being entered in numeric fields, access controls that
protect sensitive data/ system resources from unauthorized people, and
complex and dynamic technical controls such as anti-virus software, firewalls,
and intrusion prevention systems. In other words, Preventive Controls are those
inputs, which are designed to prevent an error, omission or malicious act
occurring. Some of the examples of preventive controls can be Employing
qualified personnel; Segregation of duties; Access control; Vaccination against
diseases; Documentation; Prescribing appropriate books for a course; Training
and retraining of staff; Authorization of transaction; Validation, edit checks in the
application; Firewalls; Anti-virus software (sometimes this acts like a corrective
control also), etc., and Passwords.
• Detective Controls: These controls are designed to detect errors, omissions or
malicious acts that occur and report the occurrence. In other words, Detective
Controls detect errors or incidents that elude preventive controls. For example,
a detective control may identify account numbers of inactive accounts or
accounts that have been flagged for monitoring of suspicious activities.
Detective controls can also include monitoring and analysis to uncover activities
or events that exceed authorized limits or violate known patterns in data that
may indicate improper manipulation. For sensitive electronic communications,
detective controls can indicate that a message has been corrupted or the
sender’s secure identification cannot be authenticated. Some of the examples
of Detective Controls are: Review of payroll reports; Compare transactions on
reports to source documents; Monitor actual expenditures against budget; Use
of automatic expenditure profiling where management gets regular reports of
spend to date against profiled spend; Hash totals; Check points in production
jobs; Echo control in telecommunications; Duplicate checking of calculations;
Past-due accounts report; The internal audit functions; Intrusion Detection
System; Cash counts and bank reconciliation and Monitoring expenditures
against budgeted amount.

• Corrective Controls: It is desirable to correct errors, omissions, or incidents

once they have been detected. They vary from simple correction of data-entry
errors, to identifying and removing unauthorized users or software from systems
or networks, to recovery from incidents, disruptions, or disasters. Generally, it is
most efficient to prevent errors or detect them as close as possible to their
source to simplify correction. These corrective processes also should be subject
to preventive and detective controls, because they represent another
opportunity for errors, omissions, or falsification. Corrective controls are
designed to reduce the impact or correct an error once it has been detected.
Corrective controls may include the use of default dates on invoices where an
operator has tried to enter the incorrect date. Some of the other examples of
Corrective Controls are submitting corrective journal entries after discovering an
error; A Business Continuity Plan (BCP); Contingency planning; Backup
procedure; Rerun procedures; Change input value to an application system; and
Investigate budget variance and report violations.
(ii) The activities executed by Operating System are as follows:
• Performing hardware functions
• User Interfaces
• Hardware Independence
• Memory Management
• Task Management
• Networking Capability
• Logical Access Security
• File management
OR
(ii) Cryptography: It deals with programs for transforming data into cipher text that are
meaningless to anyone, who does not possess the authentication to access the
respective system resource or file. A cryptographic technique encrypts data (clear
text) into cryptograms (cipher text) and its strength depends on the time and cost to
decipher the cipher text by a cryptanalyst. Three techniques of cryptography are
transposition (permute the order of characters within a set of data), substitution
(replace text with a key-text) and product cipher (combination of transposition and
substitution).


Answer any four questions from the rest.
Question 6
ABC Ltd. is a beverage manufacturing company. It chiefly manufactures soft drinks. The
products are priced on the lower side which has made the company a leader in the business.
Currently it is holding 35 percent market share. The R & D of company developed a formula for
manufacturing sugar free beverages. On successful trial and approval by the competent
authorities, company was granted to manufacture sugar free beverages. This company is the
pioneer to launch sugar free beverages which are sold at a relatively higher price. This new
product has been accepted widely by a class of customers. These produc ts have proved
profitable for the company. Identify the strategy employed by the company ABC Ltd. and
mention what measures could be adopted by the company to achieve the employed strategy.
(5 Marks)
Answer
According to Porter, strategies allow organizations to gain competitive advantage from three
different bases: cost leadership, differentiation, and focus. Porter called these base generic
strategies.
ABC Ltd. has opted Differentiation Strategy. The company has invested huge amount in R &
D and developed a formula for manufacturing sugar free beverages to give the customer value
and quality. They are pioneer and serve specific customer needs that are not met by other
companies in the industry. The new product has been accepted by a class of customers.
Differentiated and unique sugar free beverages enable ABC Ltd. to charge relatively higher
for its products hence making higher profits and maintain its competitive position in the market.
Sugar free beverage of ABC Ltd. is being accepted widely by a class of customers.
Differentiation strategy is aimed at broad mass market and involves the creation of a product or
service that is perceived by the customers as unique. The uniqueness can be associated with
product design, brand image, features, technology, and dealer network or customer service.
Achieving Differentiation Strategy
To achieve differentiation, following strategies are generally adopted by an organization:
1. Offer utility to the customers and match products with their tastes and preferences.
2. Elevate/Improve performance of the product.
3. Offer the high-quality product/service for buyer satisfaction.
4. Rapid product innovation to keep up with dynamic environment.

5. Taking steps for enhancing brand image and brand value.

6. Fixing product prices based on the unique features of product and buying capacity of the
customer.
Question 7
(a) Draw 'Divisional Structure' with the help of a diagram. Also, give advantages and
disadvantages of this structure in brief. (5 Marks)
(b) What is strategic control? Kindly explain the statement that "premise control is a tool for
systematic and continuous monitoring of the environment". (5 Marks)
Answer
(a) Divisional structure is that organizational structure which is based on extensive delegation
of authority and built on division basis. The divisional structure can be organized in one of
the four ways: by geographic area, by product or service, by customer, or by process. With
a divisional structure, functional activities are performed both centrally and in each division
separately.
Figure: Divisional Structure

Advantages of divisional structure
• Accountability is clear: Divisional managers can be held responsible for sales and
profit levels. Because a divisional structure is based on extensive delegation of
authority, managers and employees can easily see the results of their good or bad
performances and thus their morale is high.
• Other advantages: It creates career development opportunities for managers, allows
local control of local situations, leads to a competitive climate within an organization,
and allows new businesses and products to be added easily.

Disadvantages of divisional structure

• Higher cost: Owing to following reasons: (i). requires qualified functional specialist
at different divisions and needed centrally (at headquarters); (ii). It requires an
elaborate, headquarters –driven control system.
• Conflicts between divisional managers: Certain regions, products, or customers
may sometimes receive special treatment, and it may be difficult to maintain
consistent, company-wide practices.
(b) Strategic Control
Strategic control is the process of evaluating formulated and implemented strategy. It
is directed towards identifying changes in the internal and external environments of the
organization and making necessary adjustments accordingly.
Strategic Control focuses on the dual questions of whether: (1) the strategy is being
implemented as planned; and (2) the results produced by the strategy are those intended.
Yes, Premise control is a tool for systematic and continuous monitoring of the
environment to verify the validity and accuracy of the premises on which the strategy has
been built. It primarily involves monitoring two types of factors:
(i) Environmental factors such as economic (inflation, liquidity, interest rates),
technology, social and legal-regulatory.
(ii) Industry factors such as competitors, suppliers, substitutes.
It is neither feasible nor desirable to control all types of premises in the same manner.
Different premises may require different amount of control. Thus, managers are required
to select those premises that are likely to change and would severely impact the functioning
of the organization and its strategy.
Question 8
(a) Discuss the guidelines for selection of Research & Development expertise by an
organization. (5 Marks)
(b) Why companies should go global? Mention any five reasons. (5 Marks)
Answer
(a) A critical question is whether a firm should develop research and development expertise
internally or outside to external agencies. The answer to this critical question mainly
depends on rate of technology progress and rate of market growth. The following
guidelines can be used to help make this decision:
 If the rate of technical progress is slow, the rate of market growth is moderate,
and there are significant barriers to possible new entrants, then in-house R&D is the
preferred solution. The reason is that R&D, if successful, will result in a temporary

product or process monopoly that the company can exploit.

 If technology is changing rapidly and the market is growing slowly, then a major
effort in R&D may be very risky, because it may lead to the development of an
ultimately obsolete technology or one for which there is no market.
 If technology is changing slowly but the market is growing quickly, there
generally is not enough time for in-house development. The prescribed approach is
to obtain R&D expertise on an exclusive or non-exclusive basis from an outside
firm.
 If both technical progress and market growth are fast, R&D expertise should be
obtained through acquisition of a well-established firm in the industry.
(b) There are several reasons why companies go global. These are discussed as
follows:
• One reason could be the rapid shrinking of time and distance across the globe -
thanks to faster communication, speedier transportation, growing financial flows and
rapid technological changes.
• It is being realized that the domestic markets are no longer adequate and rich.
Companies globalize to take advantage of opportunities available elsewhere.
• A new product may gradually get acceptance and grow locally and then globally.
This may initially be in form of exports and then later production facilities may begin
in other countries.
• Organizations may go global to take advantage of cheaper raw material and
labour costs.
• Companies often set up overseas plants to reduce high transportation costs.
• The motivation to go global in high-tech industries is slightly different. Companies
in electronics and telecommunications must spend large sums on research and
development for new products and thus may be compelled to seek ways to improve
sales volume to support high overhead expenses.
• The companies may also go global to take advantage of local taxation laws.
• To form strategic alliances to ward off economic and technological threats and
leverage their respective comparative and competitive advantages.
Question 9
(a) State the factors of human resource that have a strong influence on employee competence.
(5 Marks)
(b) What is strategic vision? Describe the essentials of strategic vision. (5 Marks)

Answer
(a) Human resource management has been accepted as a strategic partner in the
formulation of organization’s strategies and in the implementation of such strategies
through human resource planning, employment, training, appraisal and reward systems.
The following points should be kept in mind as they can have a strong influence on
employee competence:
1. Recruitment and selection: The workforce will be more competent if a firm can
successfully identify, attract, and select highly competent applicants.
2. Training: The workforce will be more competent if employees are well trained to
perform their jobs properly.
3. Appraisal of performance: The performance appraisal is to identify any performance
deficiencies experienced by employees due to lack of competence. Such deficiencies,
once identified, can often be solved through counseling, coaching or training.
4. Compensation: A firm can usually increase the competency of its workforce by
offering pay, benefits and rewards that are not only attractive than those of their
competitors but also recognizes merit.
(b) Strategic Vision
A strategic vision is a roadmap of a company’s future – providing specifics about
technology and customer focus, the geographic and product markets to be pursued, the
capabilities it plans to develop, and the kind of company that management is trying to
create. It helps the company to answer the question “where we are to go” and provides
a convincing rationale for why this makes good business sense for the company.
A strategic vision delineates organization’s aspirations for the business, providing a
panoramic view of the position where the organization is going. A strategic vision points
an organization in a particular direction, charts a strategic path for it to follow in preparing
for the future, and molds organizational identity.
Essentials of a strategic vision
 The entrepreneurial challenge in developing a strategic vision is to think creatively
about how to prepare a company for the future.
 Forming a strategic vision is an exercise in intelligent entrepreneurship.
 A well-articulated strategic vision creates enthusiasm among the members of the
organization.
 The best-worded vision statement clearly illuminates the direction in which
organization is headed.

Question 10
(a) "There is a need for Strategic Management for government and medical organization too."
Comments. (5 Marks)
(b) Briefly describe the meaning of divestment and liquidation strategy and establish difference
between the two.
OR
Write a short note on requirement of strategy audit. What are the basic activities of
strategic audit? (5 Marks)
Answer
(a) Need for strategic management for government and medical organization
Yes, there is a need of strategic management for government and medical organizations
like the commercial organizations because optimum utilization of resources in view of their
scarcity, good strategy formulation and its effective implementation & proper monitoring is
needed equally in both types of organizations.
Organizations can be classified as commercial and non-commercial on the basis of the
interest they have. Typically, a government or medical organization may function without
any commercial objectives. A commercial organization has profit as its main aim. We can
find many organizations around us, which do not have any commercial objective of making
profits. Their genesis may be for social, charitable, or educational purposes.
The strategic-management process is being used effectively by countless non-profit
governmental organizations. Many non-profit and governmental organizations
outperform private firms and corporations on innovativeness, motivation, productivity, and
human resource.
Compared to for-profit firms, non-profit and governmental organizations often function as
a monopoly, produce a product or service that offers little or no measurability of
performance, and are totally dependent on outside financing. Especially for these
organizations, strategic management provides an excellent vehicle for developing
and justifying requests for needed financial support.
Government Organizations: Central, state, municipal agencies, public sector units,
department are responsible for formulating, implementing and evaluating strategies that
use taxpayers’ money in the most cost-effective way to provide services and programs.
Therefore, strategic management concepts are required for them.
Medical Organizations: Modern hospitals quite often are using strategic management for
creating new strategy and implementing properly for diagnosis and treatment of different
diseases at lower price. Forward and Backward integration strategies are also required in
hospitals for providing better services at lower cost.

(b) Divestment strategy involves the sale or liquidation of a portion of business, or a

major division, profit centre or SBU. Divestment is usually a part of rehabilitation or
restructuring plan and is adopted when a turnaround has been attempted but has proved
to be unsuccessful.
Liquidation strategy is a retrenchment strategy considered the most extreme and
unattractive strategy, which involves closing down a firm and selling its assets.
Difference between Divestment strategy and Liquidation strategy:
Basis of Difference Divestment Strategy Liquidation Strategy
Meaning Divestment strategy involves Liquidation strategy
sale or liquidation of a involves closing down a
portion of business. firm and selling its
business.
Policy option Divestment is usually a part of Liquidation becomes only
rehabilitation or option in case of severe
restructuring plan and is and critical conditions
adopted when a turnaround where either turnaround or
has been attempted but has divestment are not seen as
proved to be unsuccessful. solution or have been
Option of a turnaround may attempted but failed.
even be ignored if it is obvious
that divestment is the only
answer.
Purpose Efforts are made for survival Liquidation as a form of
of the organization. retrenchment strategy is
unattractive and considered
as the last resort.
Consequences Survival of organization helps There is loss of
in retaining personnel, at employment and
least to some extent. opportunities with stigma
of failure.
Or
Need of Strategy Audit
A strategy audit is an examination and evaluation of areas affected by the operation of a
strategic management process within an organization.
A strategy audit is required under the following conditions:
 When the performance indicators reflect that a strategy is not working properly or
is not producing desired outcomes.

 When the goals and objectives of the strategy are not being accomplished.
 When a major change takes place in the external environment of the organization.
 When the top management plans:
(a) To fine-tune the existing strategies and introduce new strategies; and
(b) To ensure that a strategy that has worked in the past continues to be in-tune
with subtle internal and external changes that may have occurred since the
formulation of strategies.
Adequate and timely feedback is the cornerstone of effective strategy audit. Strategy audit
can be no better than the information on which it is based.
Strategy Audit includes three basic activities:
1. Examining the underlying bases of a firm’s strategy,
2. Comparing expected results with actual results, and
3. Taking corrective actions to ensure that performance conforms to plans.

Answer any five questions from the rest.
Question 1
(a) Write a short note on Extraction- Transformation-Load (ETL). (3 Marks)
(b) What is virtual memory? How does it differ from secondary memory? (2 Marks)
Answer
(a) Extraction-Transformation-Load (ETL)
 The concept of the data warehouse includes the process of extraction of data from
one or more of the organization’s databases, its transformation into an appropriate
form using different techniques like smoothing, aggregation, normalization etc. and
loading into the data warehouse which is itself another database for storage and
analysis.
 For ETL to be performed on a data, a data warehouse should be designed so that it
meets the following criteria:
o It uses non-operational data which means that the data warehouse is using a
copy of data from the active databases that the company uses in its day -to-day
operations.
o The data is time-variant which means a time-stamp is received whenever data
is loaded into the data warehouse.
o The data is to be standardized in case the data in a data warehouse comes from
different sources and does not use the same definitions or units.
 For example, the Events table in Student Clubs database lists the event dates using
the mm/dd/yyyy format (e.g. 01/10/2013) whereas a table in another database might
use the format yy/mm/dd (e.g.13/01/10) for dates. For the data warehouse to match
up dates, a standard date format would have to be agreed upon and all data loaded
into the data warehouse would have to be transformed to use this stan dard format
before its loading into the database for storage.
(b) Virtual Memory
 Virtual Memory is not a separate device but an imaginary memory area supported by
some operating systems (for example, Windows) in conjunction with the hardware. If
a computer lacks in required size of the Random-Access Memory (RAM) needed to
run a program or operation, Windows uses virtual memory to compensate.

2 INTERMEDIATE (NEW) EXAMINATION: JANUARY 2021
 Virtual memory is an allocation of temporary space on hard disk space to help RAM.
When RAM runs low, virtual memory moves data from RAM to a space called a paging
file. Moving data to and from the paging file frees up RAM to complete its work.
Differences between Virtual Memory and Secondary Memory are given below:
Virtual Memory Secondary Memory
Virtual Memory is an imaginary memory Secondary memory is a storage device
area that combines computer’s RAM with having features of non-volatility (contents
temporary space on the hard disk. are permanent in nature), greater
capacity (they are available in large size),
and greater economy.
When RAM runs low, virtual memory The secondary memory is available in
moves data from RAM to a space called bigger sizes; thus program and data can
a paging file. Moving data to and from the be stored permanently.
paging file frees up RAM to complete its
work.
Question 2
(a) The Goods and Service Tax (GST) rate in India for various goods and services is divided
broadly under 4 categories, draw a flowchart to compute Goods and Service Tax for the
goods manufactured as per table below.
Category (K) Rate
A 5%
B 12%
C 18%
D 28%
(6 Marks)
(b) Information systems have set high hopes to companies for their growth as it reduces
processing speed and helps in cutting cost. Being an auditor of ABC manufacturing
company, discuss the key areas that should pay attention to while evaluating Managerial
controls by top management. (4 Marks)
Answer
(a) Abbreviations used in flowchart are as follows:
K: category for various goods and services
PA, PB, PC, PD: Price of goods manufactured under categories A, B, C and D respectively.
Tax: Goods and Services tax

This flowchart is based on the assumption that the Price value (P A, PB, PC, PD) may vary
depending upon the category of Goods manufactured (A, B, C and D) respectively.
Start
Read K
If K=A? Read PA Tax=PA*0.05

Yes
No
If K=B? Read PB
Yes Tax=PB*0.12
No
If K=C? Read PC Tax=PC*0.18

Yes
No
Read PD Tax=PD*0.28
PrintTax
Stop

Alternate Presentation
This flowchart is based on the assumption that the Price value V is same for all the Goods
manufactured (A, B, C and D) irrespective of their category.
Abbreviations used in flowchart are as follows:
K: Category for various goods and services
V: Price of goods manufactured.
GST: Goods and Services tax
Start
Input V, K
GST=V*0.05 If K = A?
Yes
No
GST=V*0.12 If K = B?
Yes
No
GST=V*0.18 If K = C?
Yes
No
GST=V*0.28
Print/Display GST
Stop

(b) The key areas that auditors should pay attention to while evaluating Managerial controls
are as follows:
(i) Planning: Auditors need to evaluate whether top management has formulated a high-
quality information system’s plan that is appropriate to the needs of an organization
or not. A poor-quality information system is ineffective and inefficient leading to losing
of its competitive position within the marketplace.
(ii) Organizing: Auditors should be concerned about how well top management acquires
and manages staff resources.
(iii) Leading: Generally, the auditors examine variables that often indicate when
motivation problems exist or suggest poor leadership – for example, staff turnover
statistics, frequent failure of projects to meet their budget and absenteeism level to
evaluate the leading function. Auditors may use both formal and informal sources of
evidence to evaluate how well top managers communicate with their staff.
(iv) Controlling: Auditors should focus on subset of the control activities that should be
performed by top management – namely, those aimed at ensuring that the information
systems function accomplishes its objectives at a global level. Auditors must evaluate
whether top management’s choice to the means of control over the users of IS
services is likely to be effective or not.
Question 3
(a) Explain the concept of green computing. How will you develop a sustainable green
computing plan? (6 Marks)
(b) From traditional digital payment methods, India is moving towards newer methods of digital
payments. In light of the above statement, briefly explain following new methods.
(i) BHIM (ii) USSD (4 Marks)
Answer
(a) Green Computing
 Green Computing or Green IT refers to the study and practice of environmentally
sustainable computing or IT. It is the study and practice of establishing/ using
computers and IT resources in a more efficient and environmentally friendly and
responsible way.
 The objective of Green computing is to reduce the use of hazardous materials,
maximize energy efficiency during the product’s lifetime, and promote the recyclability
or biodegradability of defunct products and factory waste.
 Green computing’s practices include the implementation of energy-efficient Central
Processing Units (CPUs), servers and peripherals as well as reduced resource
consumption and proper disposal of electronic waste (e-waste).

The steps to develop a sustainable Green Computing plan are as follows:

 Involve stakeholders to include checklists, recycling policies, recommendations for
disposal of used equipment, government guidelines and recommendations for
purchasing green computer equipment in organizational policies and plans;
 Encourage the IT community for using the best practices and encourage them to
consider green computing practices and guidelines.
 On-going communication about and campus commitment to green IT best practices
to produce notable results.
 Include power usage, reduction of paper consumption, as well as recommendations
for new equipment and recycling old machines in organizational policies and plans;
and
 Use cloud computing so that multiple organizations share the same computing
resources thus increasing the utilization by making more efficient use of hardware
resources.
(b) (i) BHIM (Bharat Interface for Money)
 BHIM (Bharat Interface for Money) is a Mobile App developed by National
Payments Corporation of India (NPCI) based on UPI (Unified Payment
Interface). It facilitates e-payments directly through banks and supports all
Indian banks which use that platform.
 It is built on the Immediate Payment Service infrastructure and allows the user
to instantly transfer money between the bank accounts of any two parties.
 BHIM works on all mobile devices and enables users to send or receive money
to other UPI payment addresses by scanning QR code or using account number
with Indian Financial Systems Code (IFSC) code or MMID (Mobile Money
Identifier) Code for users who do not have a UPI-based bank account.
(ii) Unstructured Supplementary Service Data (USSD)
 Unstructured Supplementary Service Data (USSD) is a revolutionary idea where
to make payments through mobiles, there is neither need for internet nor any
smart phone.
 USSD banking or *99# Banking is a mobile banking based digital payment mode
and can be easily used with any normal feature phone.
 USSD banking is as easy as checking of mobile balance. S/he can use this
service for many financial and non-financial operations such as checking

balance, sending money, changing Mobile Banking Personal Identification

Number (MPIN) and getting Mobile Money Identifier (MMID).
Question 4
(a) Explain the stages of Money Laundering. (6 Marks)
(b) Define the Mortgage Loan. Briefly explain the types of Mortgage Loan. (4 Marks)
Answer
(a) The stages of Money Laundering are as follows:
(i) Placement: The first stage involves the Placement of proceeds derived from illegal
activities - the movement of proceeds, frequent currency from the scene of the crime
to a place, or into a form, less suspicious and more convenient for the criminal.
(ii) Layering: It involves the separation of proceeds from illegal source using complex
transactions designed to obscure the audit trail and hide the proceeds. The criminals
frequently use shell corporations, offshore banks or countries with loose regulation
and secrecy laws for this purpose. Layering involves sending the money through
various financial transactions to change its form and make it difficult to follow.
Layering may consist of several banks to bank transfers or wire transfers between
different accounts in different names in different countries making deposit and
withdrawals to continually vary the amount of money in the accounts changing the
money’s currency purchasing high value items (boats, houses cars, diamonds) to
change the form of money-making it hard to trace.
(iii) Integration: It involves conversion of illegal proceeds into apparently legitimate
business earnings through normal financial or commercial operations. Integration
creates the illusion of a legitimate source for criminally derived funds and involves
techniques as numerous and creative as those used by legitimate businesses. For
example- false invoices for goods exported, domestic loan against a foreign deposit,
purchasing of property and comingling of money in bank accounts.
(b) Mortgage Loan
 A Mortgage loan is a secured loan which is secured on the borrower’s property by
marking a lien on the property as collateral for the loan. If the borrower stops paying,
then the lender has the first charge on the property.
 Mortgages are used by individuals and businesses to make large real estate
purchases without paying the entire value of the purchase up front. Over the period
of many years, the borrowers repay the loan amount along with interest until there is
no outstanding.
Types of Mortgage Loan are as follows:
 Home Loan: This is a traditional mortgage where customer has an option of selecting
fixed or variable rate of interest and is provided for the purchase of property.

 Top Up Loan: Here the customer already has an existing loan and is applying for
additional amount either for refurbishment or renovation of the house.
 Loans for Under Construction Property: In case of under construction properties
the loan is disbursed in tranches / parts as per construction plan.
Question 5
(a) Using the automation technique in modem era of business, the business gets well
developed with a great customer satisfaction of its services and products in which the
customer-oriented supply chain plays a major role. List down the name of all the benefits
of Automating Business processes by explaining any four benefits. (6 Marks)
(b) Write a short note on (i) Digital Library (ii) Payment Gateway (4 Marks)
OR
Cloud based applications are now taking over Installed applications. What are the major
differences between Cloud based Applications and Installed Applications? Explain any
four.
Answer
(a) The benefits of automating Business Processes are as follows:
 Quality and Consistency
 Time Saving
 Visibility
 Improved Operational Efficiency
 Governance and Reliability
 Reduced Turnaround Times
 Reduced Costs
These benefits are explained below:
 Quality and Consistency: Ensures that every action is performed identically -
resulting in high quality, reliable results and stakeholders will consistently experience
the same level of service.
 Time Saving: Automation reduces the number of tasks employees would otherwise
need to do manually. It frees up time to work on items that add genuine value to the
business, allowing innovation and increasing employees’ levels of motivation.
 Visibility: Automated processes are controlled and they consistently operate
accurately within the defined timeline. It gives visibility of the process status to the
organization.

 Improved Operational Efficiency: Automation reduces the time it takes to achieve

a task, the effort required to undertake it and the cost of completing it successfully.
Automation not only ensures systems run smoothly and efficiently, but that errors are
eliminated and that best practices are constantly leveraged.
 Governance and Reliability: The consistency of automated processes means
stakeholders can rely on business processes to operate and offer reliable processes
to customers, maintaining a competitive advantage.
 Reduced Turnaround Times: Eliminate unnecessary tasks and realign process
steps to optimize the flow of information throughout production, service, billing and
collection. This adjustment of processes distils operational performance and reduces
the turnaround times for both staff and external customers.
 Reduced Costs: Manual tasks, given that they are performed one-at-a-time and at a
slower rate than an automated task, will cost more. Automation allows us to
accomplish more by utilizing fewer resources.
(b) (i) Digital Library
 A Digital Library is a special library with a focused collection of digital objects
that can include text, visual material, audio material, video material, stored as
electronic media formats (as opposed to print, microform, or other media), along
with means for organizing, storing, and retrieving the files and media contained
in the library collection.
 Digital libraries can vary immensely in size and scope, and can be maintained
by individuals, organizations, or affiliated with established physical library
buildings or institutions, or with academic institutions.
 The digital content may be stored locally or accessed remotely via computer
networks. An electronic library is a type of information retrieval system.
(ii) Payment Gateway
 Payment gateway is the payment mode through which customers shall make
payments. Payment gateway represents the way e-commerce / m-commerce
vendors collects their payments.
 The payment gateway is the last and most critical part of e-commerce
transactions. These assure seller of receipt of payment from buyer of
goods/services from e-commerce vendors.
 Presently numerous methods of payments by buyers to sellers are being used,
including Credit / Debit Card Payments, Online bank payments, Vendors own
payment wallet, Third Party Payment wallets, like SBI BUDDY or PAYTM, Cash
on Delivery (COD) and Unified Payments Interface (UPI).

OR
(b) Differences between Cloud based Applications and Installed Applications are given below:
Particulars Installed Applications Cloud Based Applications
Installation and As software is installed on Installation on user computer is not
Maintenance hard disc of the computer required. Update and maintenance
used by user, it needs to be are defined responsibility of service
installed on every computer provider.
one by one. This may take
lot of time. Also,
maintenance and updating
of software may take lot of
time and efforts.
Accessibility As software is installed on As software is available through
the hard disc of the user’s online access, to use the software a
computer, user needs to go browser and an internet connection
the computer only, i.e. the is needed. It can be used from any
computer where software is computer in the world. Access to the
installed, to use the software becomes very easy. Also, it
software. It cannot be used can be used 24 x 7.
from any computer.
Mobile Using the software through Mobile application becomes very
Application mobile application is easy as data is available 24x7. As
difficult in this case. technology evolves, mobile
technology is becoming an industry
norm that makes cloud based
application future oriented.
Data Storage Data is physically stored in Data is not stored in the user’s
the premises of the user, server computer. It is stored on a
i.e. on the hard disc of the web server. Ownership of data is
user’s server computer. defined in Service Level Agreement
Hence user will have full (SLA) that defines the rights,
control over the data. responsibilities and authority of both
service provider and service user.
Data Security As the data is in physical Data security is a challenge in case
control of the user, user of cloud based application as the
shall have the full physical data is not in control of the user or
control over the data and owner of data. As time evolves;
he/she can ensure that it is SLAs provides for details of back-up,
not accessed without disaster recovery alternatives being
proper access. used by service provider.

Performance A well written installed Access is dependent on speed of

application shall always be internet. Slow internet slows access
faster than web application, to information and may slow
reason being data is picked operations.
from local server without
internet.
Flexibility It shall have more flexibility The success of cloud based
and controls as compared applications is that they allow
to web application. It is very flexibility against both Capital
easy to write desktop Expenditure (CAPEX) and
applications that take Operating Expense (OPEX) to the
advantage of the user’s user. User can scale up operations
hardware (such as: as per need.
scanners, cameras, Wi-Fi,
serial ports, network ports,
etc.). Installed applications
have this dis-advantage of
higher Capital Expenditure
(CAPEX) in comparison to
cloud based application.

Answer any four questions from the rest.
Question 6
Mohan has joined as the new CEO of XYZ Corporation and aims to make it a dominant
technology company in the next five years. He aims to develop competencies for managers for
achieving better performance and a competitive advantage for XYZ Corporation. Mohan is well
aware of the importance of resources and capabilities in generating competitive advantage.
Discuss the four major characteristics of resources and capabilities required by XYZ
Corporation to sustain the competitive advantage and its ability to earn profits from it.
(5 Marks)
Answer
XYZ Corporation is aiming to transform into a dominant technology company under the
leadership of Mohan, the new CEO. He aims to develop competencies for managers for
achieving better performance and a competitive advantage for the corporation. Mohan is al so
well aware of the importance of resources and capabilities in generating and sustaining the
competitive advantage. Therefore he must focus on characteristics of resources and
capabilities of the corporation.
The sustainability of competitive advantage and a firm’s ability to earn profits from it depends,
to a great extent, upon four major characteristics of resources and capabilities which are as
follows:
1. Durability: The period over which a competitive advantage is sustained depends in part
on the rate at which a firm’s resources and capabilities deteriorate. In industries where
the rate of product innovation is fast, product patents are quite likely to become obsolete.
Similarly, capabilities which are the result of the management expertise of the CEO are
also vulnerable to his or her retirement or departure. On the other hand, many consumer
brand names have a highly durable appeal.
2. Transferability: Even if the resources and capabilities on which a competitive advantage
is based are durable, it is likely to be eroded by competition from rivals. The ability of
rivals to attack position of competitive advantage relies on their gaining access to the
necessary resources and capabilities. The easier it is to transfer resources and
capabilities between companies, the less sustainable will be the competitive advantage
which is based on them.
3. Imitability: If resources and capabilities cannot be purchased by a would-be imitator,
then they must be built from scratch. How easily and quickly can the competitors buil d
the resources and capabilities on which a firm’s competitive advantage is based? This is

the true test of imitability. Where capabilities require networks of organizational routines,
whose effectiveness depends on the corporate culture, imitation is difficult.
4. Appropriability: Appropriability refers to the ability of the firm’s owners to appropriate
the returns on its resource base. Even where resources and capabilities are capable of
offering sustainable advantage, there is an issue as to who receives the returns on these
resources.
Question 7
(a) Strategy execution is an operations-oriented activity which involves a good fit between
strategy and organizational capabilities, structure, climate & culture. Enumerate the
principal aspects of strategy execution process which are used in most of the situations.
(5 Marks)
(b) X Pvt. Ltd. had recently ventured into the business of co-working spaces when the global
pandemic struck.. This has resulted in the business line becoming unprofitable and
unviable, and a failure of the existing strategy. However, the other businesses of X Pvt.
Ltd. are relatively less affected by the pandemic as compared to the recent co-working
spaces. Suggest a strategy for X Pvt. Ltd. with reasons to justify your answer. (5 Marks)
Answer
(a) Implementation and execution are an operations-oriented activity aimed at shaping the
performance of core business activities in a strategy-supportive manner. To convert
strategic plans into actions and results, a manager must be able to direct organizational
change, motivate people, build and strengthen company’s competencies and competitive
capabilities, create a strategy-supportive work culture, and meet or beat performance
targets. Good strategy execution involves creating strong “fits” between strategy and
organizational capabilities, structure, climate & culture.
In most situations, strategy-execution process includes the following principal
aspects:
1. Developing budgets that steer ample resources into those activities critical to
strategic success.
2. Staffing the organization with the needed skills and expertise, consciously
building and strengthening strategy-supportive competencies and competitive
capabilities and organizing the work effort.
3. Ensuring that policies and operating procedures facilitate rather than impede
effective execution.
4. Using the best-known practices to perform core business activities and pushing
for continuous improvement.

5. Installing information and operating systems that enable company personnel to

better carry out their strategic roles day in and day out.
6. Motivating people to pursue the target objectives energetically.
7. Creating a company culture and work climate conducive to successful strategy
implementation and execution.
8. Exerting the internal leadership needed to drive implementation forward and
keep improving strategy execution. When the organization encounters stumbling
blocks or weaknesses, management has to see that they are addressed and
rectified quickly.
(b) It is advisable that divestment strategy should be adopted by X Pvt. Ltd.
In the given situation where the business of co-working spaces became unprofitable and
unviable due to Global pandemic, the best option for the company is to divest the loss
making business.
Retrenchment may be done either internally or externally. Turnaround strategy is
adopted in case of internal retrenchment where emphasis is laid on improving internal
efficiency of the organization, while divestment strategy is adopted when a business
turns unprofitable and unviable due to some external factors. In view of the above, the
company should go for divestment strategy.
Further, divestment helps address issues like:
1. Persistent cash flows from loss making segment could affect other profit-making
segments, which is the case in the given scenario.
2. Inability to cope from the losses, which again is uncertain due to pandemic.
3. Better investment opportunity, which could be the case if X Pvt. Ltd. can inve st the
money it generates from divestment.
Question 8
(a) ABC Limited is in a wide range of businesses which include apparels, lifestyle products,
furniture, real estate and electrical products. The company is looking to hire a suitable
Chief Executive Officer. Consider yourself as the HR consultant for ABC limited. You
have been assigned the task to enlist the activities involved with the role of the Chief
Executive Officer. Name the strategic level that this role belongs to and enlist the
activities associated with it. (5 Marks)
(b) Spacetek Pvt. Ltd. is an IT company. Although there is cut throat competition in the IT
sector, Spacetek deals with distinctive niche clients and is generating high efficiencies for
serving such niche market. Other rival firms are not attempting to specialize in the same
target market. Identify the strategy adopted by Spacetek Pvt. Ltd. and also explain the
advantages and disadvantages of that strategy. (5 Marks)

Answer
(a) The role of Chief Executive Officer pertains to Corporate level.
The corporate level of management consists of the Chief Executive Officer (CEO) and
other top-level executives. These individuals occupy the apex of decision making within
the organization.
The role of Chief Executive Officer is to:
1. oversee the development of strategies for the whole organization;
2. defining the mission and goals of the organization;
3. determining what businesses, it should be in;
4. allocating resources among the different businesses;
5. formulating, and implementing strategies that span individual businesses;
6. providing leadership for the organization;
7. ensuring that the corporate and business level strategies which company pursues
are consistent with maximizing shareholders wealth; and
8. managing the divestment and acquisition process.
(b) Spacetek Pvt. Ltd. company has adopted Focus strategy which is one of the Michael
Porter’s Generic strategies. Focus strategies are most effective when consumers have
distinctive preferences or requirements and when rival firms are not attempting to
specialize in the same target segment. An organization using a focus strategy may
concentrate on a particular group of customers, geographic markets, or on particular
product-line segments in order to serve a well-defined but narrow market better than
competitors who serve a broader market.
Advantages of Focus Strategy
1. Premium prices can be charged by the organizations for their focused
product/services.
2. Due to the tremendous expertise about the goods and services that organizations
following focus strategy offer, rivals and new entrants may find it difficult to
compete.
Disadvantages of Focus Strategy
1. The firms lacking in distinctive competencies may not be able to pursue focus
strategy.
2. Due to the limited demand of product/services, costs are high which can cause
problems.
3. In the long run, the niche could disappear or be taken over by larger competitors by
acquiring the same distinctive competencies.

Question 9
(a) Core competencies provide edge to a business over its competitors. Discuss. Also,
briefly state the three areas in which major core competencies are identified. (5 Marks)
(b) Sanya Private Limited is an automobile company. For the past few years, it has been
observed that the progress of the company has become stagnant.. When scrutinized, it
was found that the planning department was performing fairly well but the plans could not
be implemented due to improper use of resources, undesirable tendencies of workers
and non-conformance to norms and standards. You are hired as a Strategic Manager.
Suggest the elements of process of control to overcome the problem. (5 Marks)
Answer
(a) A core competence is a unique strength of an organization which may not be shared by
others. Core competencies are those capabilities that are critical to a business achieving
competitive advantage. In order to qualify as a core competence, the competency should
differentiate the business from any other similar businesses. An organization’s
combination of technological and managerial know-how, wisdom and experience are a
complex set of capabilities and resources that can lead to a competitive advantage
compared to a competitor.
According to C.K. Prahalad and Gary Hamel, major core competencies are identified in
following three areas:
1. Competitor differentiation: The Company can consider having a core competence
if the competence is unique and it is difficult for competitors to imitate. This can
provide a company an edge compared to competitors. It allows the company to
provide better products and services to market with no fear that competitors can
copy it.
2. Customer value: When purchasing a product or service it has to deliver a
fundamental benefit for the end customer in order to be a core competence. It will
include all the skills needed to provide fundamental benefits. The service or the
product has to have real impact on the customer as the reason to choose to
purchase them. If customer has chosen the company without this impact, then
competence is not a core competence and it will not affect the company’s market
position.
3. Application of competencies to other markets: Core competence must be
applicable to the whole organization; it cannot be only one particular skill or
specified area of expertise. Therefore, although some special capability would be
essential or crucial for the success of business activity, it will not be considered as
core competence if it is not fundamental from the whole organization’s point of view.
Thus, a core competence is a unique set of skills and expertise, which will be used
throughout the organization to open up potential markets to be exploited.

(b) Sanya Private Limited deteriorating performance due to poor implementation of plans
that is improper use of resources, undesirable tendencies of the workers, and non-
conformance to norms and standards, all point towards weak controls in the organization.
Implementation of plans cannot assure results unless strong and sufficient controls are
put in place. The management of the company should focus diligently on developing
controls especially in the identified problem areas.
The process of control has the following elements:
(a) Objectives of the business system which could be operationalized into measurable
and controllable standards.
(b) A mechanism for monitoring and measuring the performance of the system.
(c) A mechanism (i) for comparing the actual results with reference to the standards (ii)
for detecting deviations from standards and (iii) for learning new insights on
standards themselves.
(d) A mechanism for feeding back corrective and adaptive information and instructions
to the system, for effecting the desired changes to set right the system to keep it on
course.
Above elements of control would ensure a proper check on improper use of resources,
undesirable tendencies of the workers, and non-conformance to norms and standards
and ensure a result oriented implementation of plans.
Question 10
(a) Moonlight Private Limited deals in multi-products and multi-businesses. It has its own set
of competitors. It seems impractical for the company to provide separate strategic
planning treatment to each one of its product or businesses. As a strategic manager,
suggest the type of structure best suitable for Moonlight Private Limited and state its
benefits. (5 Marks)
(b) Elucidate:
Expanded Marketing Mix (5 Marks)
OR
Matrix Structure
Answer
(a) It is advisable for Moonlight Private Limited to follow the strategic business unit (SBU)
structure.
Moonlight Private Limited has a multi-product and multi-business structure where, each
of these businesses has its own set of competitors. In the given case, Strategic Business
Unit (SBU) structure would best suit the interests of the company.

SBU is a part of a large business organization that is treated separately for strategic
management purposes. It is separate part of large business serving product markets with
readily identifiable competitors. It is created by adding another level of management in a
divisional structure after the divisions have been grouped under a divisional top
management authority based on the common strategic interests.
Very large organizations, particularly those running into several products, or operating at
distant geographical locations that are extremely diverse in terms of environmental
factors, can be better managed by creating strategic business units , just as is the case
for Moonlight Private Limited. SBU structure becomes imperative in an organization with
increase in number, size and diversity.
Benefits of SBUs:
1. Establishing coordination between divisions having common strategic interest.
2. Facilitate strategic management and control.
3. Determine accountability at the level of distinct business units.
4. Allow strategic planning to be done at the most relevant level within the total
enterprise.
5. Make the task of strategic review by top executives more objective and more
effective.
6. Help to allocate resources to areas with better opportunities.
Thus, an SBU structure with its set of advantages would be most suitable for the
company with the given diverse businesses having separate identifiable competitors, but
a common organizational goal.
(b) Expanded Marketing Mix:
Typically, all organizations use a combination of 4 Ps in some form or the other that is
product, price, place, and promotion. However, the above elements of marketing mix are
not exhaustive. There are a few more elements that may form part of an organizational
marketing mix strategy as follows:
1. People: all human actors who play a part in delivery of the market offering and thus
influence the buyer’s perception, namely the firm’s personnel and the customer.
2. Physical evidence: the environment in which the market offering is delivered and
where the firm and customer interact.
3. Process: the actual procedures, mechanisms and flow of activities by which the
product/ service is delivered.
OR

In matrix structure, functional and product forms are combined simultaneously at the
same level of the organization. Employees have two superiors, a product / project
manager and a functional manager. The “home” department - that is, engineering,
manufacturing, or marketing - is usually functional and is reasonably permanent. People
from these functional units are often assigned temporarily to one or more product units or
projects.
The product units / projects are usually temporary and act like divisions in that they are
differentiated on a product-market basis. The matrix structure may be very appropriate
when organizations conclude that neither functional nor divisional forms, even when
combined with horizontal linking mechanisms like strategic business units, are right for
the implementation of their strategies. Matrix structure was developed to combine the
stability of the functional structure with flexibility of the product form. It is very useful
when the external environment (especially its technological and market aspects) is very
complex and changeable.
A matrix structure is most complex of all designs because it depends upon both vertical
and horizontal flows of authority and communication. It may result in higher overhead
costs due to more management positions.
The matrix structure is often found in an organization when the following three
conditions exist:
1. Ideas need to be cross-fertilized across projects or products;
2. Resources are scarce; and
3. Abilities to process information and to make decisions need to be improved.

Test Series: May, 2020
MOCK TEST PAPER 1
INTERMEDIATE (NEW): GROUP – II
Time Allowed – 1½ Hours Maximum Marks: 50 Marks
Division A -Multiple Choice Questions

Total Marks: 15 Marks
Question Nos. 1 to 5 carries 2 marks each. Out of which Question no 1-4 belong to case scenario.
XYZ is the well- established food chain with five branches at different locations within Delhi. The company
wants to come out with an IPO (Initial Public Offering). The Management asked the financial Manager to
present a report pertaining the benefits, risks and control objective and above all if there is any change
required in the working of food chain.
To maintain the list of its regular customers, the data management teams of XYZ implements certain
changes in database design of their billing software. Now the billing system is centralized and it is
mandatory to add customers’ phone number and name on each bill. XYZ has decided to buy software which
will be an online assistant to customers and will provide them complete detail about the IPO and solve their
queries. XYZ wants a safe and secure working environment for their customers as well as their employees
therefore, takes the decision to implement certain key provision of IT Act to avoid any unlawful activity. XYZ
follows Customer Relationship Management practices hence; it is famous to take care of its customers and
provides them good services.
1. In purview of case scenario, XYZ follows CRM practices to manage its relationship with its customers.
Which of the following is not the key benefit of CRM module?
(a) Helps to take action needed to measure quality.
(b) Gives an idea to company about customer wants, needs and patterns of purchase.
(c) Sharing of customer data between different departments will enable them to work as a team.
(d) Enables the company to identify the correct time to market its product to customers.
2. The financial manager of XYZ prepared a document wherein he needs to define the business process
of the food chain in diagrammatic form. Which of the following symbol will he use to present Pre-
defined process?
(a)
(b)
(c)
(d)

3. The database management team of XYZ food chain is working to implement changes in database
design as per the requirement of management. Which of the following person will carry out routine
data maintenance and monitor the task?
(a) Database Administrator
(b) Database Architect
(c) Database Analyst
(d) Database Advisor
4. The management of food chain has shown its concern over the condition in case any of its employees
dishonestly make use of electronic signature of the customer. Identify the section from IT Act,
2000that will help XYZ to deal with this situation.
(a) Section 43
(b) Section 66-C
(c) Section 66-E
(d) Section 66-B
5. Mr. Anuj has started his own e-Commerce based start up with an objective to bring together large
number of individual buyer. He collects the information about goods/service providers, makes the
providers it partners, and sells their services under the name of his own start up. Under which
category of e-market his start up comes?
(a) Virtual Community
(b) Buyer Aggregator
(c) e-Shops
(d) e-Auctions
Question Nos. 6 to 10 carries 1 mark each.
6. Mr. Raju wants to purchase a new laptop of BBCN Company through online mode. Hence, he is
checking all the products available on BBCN website. From the following layers of e-commerce
architecture, identify the layer on which he is working.
(a) Application Layer
(b) Database Layer
(c) Client /user Interface
(d) Communication Layer
7. Ms. Sneha purchased a new dress for her birthday party through online mode from fashionnpoint.com.
She used her debit card / pin number to make the payment for her dress. At the back end, which of the
following bank server will be responsible for storing the username and password for transaction?
(a) Internet Banking Channel Server
(b) Internet Banking Application Server
(c) Web Server
(d) Database Server

8. Mr. Rajesh is the Director of a financial company which is listed in SEBI. His job responsibilities
include maintenance of accounting records and safeguarding of assets of company. Which of following
section of Company Act is referring to this part of his duty?
(a) Section 143
(b) Section 134
(c) Section 66
(d) Section 65
9. Mr. Rajiv is an accountant of a Pvt. Ltd. Company, who on behalf of the company takes care of all the
cash deposits and withdrawals in and from bank respectively. He is making a voucher for transfer of
fund from company’s one bank account to company’s other bank account. Which of the following
voucher is Mr. Rajiv preparing?
(a) Contra
(b) Payment
(c) Receipt
(d) Journal
10. Which of the following does not belong to activities executed by Operating System?
(a) It allows more than one user to use the system.
(b) It uses minimal memory.
(c) It provides logical security to identify and authenticate various users.
(d) It keeps the track of data stored.
Division B-Descriptive Questions

Attempt any three questions out of remaining four questions.
1. (a) In Information Systems, identify the control that is used to correct errors, omissions or incidents
once they have been detected. Enlist its major characteristics as well. (3 Marks)
(b) Credit Risk is one of many risks associated with Core Banking System. Define it. (2 Marks)
2. (a) XYZ is the publication house which is under the process of implementing Enterprise Resource
Planning (ERP) so that a single database can be utilized and may contain all data for various
software modules. Explain in brief the software modules included in ERP. (6 Marks)
(b) ABC Company is a supplier of kids’ garment successfully running its business offline as well as
online. Now, the company decides to launch its mobile app also so that its retail customers
would be able to purchase or place orders anytime and anywhere. Describe the method through
which ABC Company will run its e-Commerce architecture on Mobile app. (4 Marks)
3. (a) Nowadays, many industries like hospitality, healthcare and public service agencies deal with
massively large data sets that conventional database tools can’t process. Big data has significant
benefits due to which it has provided a new direction to these businesses. Elaborate these
benefits. (6 Marks)
3

(b) In a Financial and Accounting System, there is a document that is used as documentary evidence
of any transaction. List different types of documentary evidences used in inventory module of
Accounting System. (4 Marks)
4. (a) Mr. X is the Chief Manager of XYZ company; a well-known brand in the field of footwear. He
suggested the Board members of company to adopt the model of e- Business to meet out the
demand of today’s competitive world. The Board members asked him to present a report
pertaining to pros and cons of the same in next board meeting. Though he is well aware about
the benefits of the same, help Mr. X to jot down all the risks associated with e-Business
Environment. (6 Marks)
(b) Elaborate the control activities performed by any business organization to mitigate the risks
related to financial statement audit. (4 Marks)
5. (a) Mr. Rajesh is regional manager of a company who advised his management for Business
Process Automation to sustain in market. He has prepared list of benefits of Automating Business
Process. Elaborate the content of list that Mr. Rajesh may have prepared. (6 Marks)
(b) Mr. X has opened a new account with CFG bank. The bank provides Internet banking, Mobile
banking and Phone banking. Mr. X could not understand usage of these banking facilities.
Elaborate these banking facilities to Mr. X. (4 Marks)

SECTION – B: STRATEGIC MANAGEMENT
Time Allowed – 1½ Hours Maximum Marks – 50
Question 1 and 2 are compulsory.
1. (A) Trepsico Trito Company is one of the most famous brands in food and beverages industry in the
world. It has seventeen food and beverage brands worth more than 100 crores. Trepsico Trito,
Crisppy Chips (subsidiary), Tasty Chips (acquisition), Tangy (joint venture), Twisters (acquisition),
and Threshold drink are just some of the household names that Trepsico Trito Company manages.
Trepsico Trito’s mission is to provide consumers around the world with delicious, affordable,
convenient and complementary foods and beverages from wholesome breakfasts to healthy and
fun daytime snacks and beverages to evening treats. Convenient F&B defines Trepsico Trito’s
business. Trepsico Trito’s vision is articulated as achieving business and financial success while
leaving a positive imprint on society – delivering what it calls Performance with Purpose. For
example, Trepsico Trito India’s Agri program presently benefits over 24,000 farmers across 14
states through various Agri and sourcing initiatives. All the potato used in Crisppy Chips and Tasty
Chips is grown in India and sourced from Indian farmers. Through its 360-degree farmer connect
initiatives for potato cultivation, Trepsico Trito provides training and seed support, advanced plant
protection programs, and assured buy-back with reasonable returns. Besides backward integration
with farmers it has invested in cold storages along its supply chain. Since 2009 it has been Water
Positive by conserving, utilising and managing this important resource in a sustainable manner.
The company is geographically diverse too. Trepsico Trito operates all around the world- only 50
per cent of its sales come from the United States and Canada.
Given this breadth of business and market scope, Trepsico Trito faces a variety of strategic
scenarios: capitalizing on scale advantage in its core brand where it is a global leader; building
businesses in fast-developing and unpredictable markets, categories, and products more so on
account of shifts in consumer behaviour such as a greater focus on healthy living away from its
“star” carbonated beverages and “cash cow” fried snacks businesses; the need for greater
experimentation and innovation, for example in new flavours of chips to create and capitalize on
newer sources of growth.
It is not inconceivable that Trepsico Trito’s different businesses at different times go through
different stages of strategy thus necessitating a portfolio approach to strategy formulation with
reference to market /business growth and market share such as BCG Matrix. While it competes
fiercely with Chilled drink in different countries, it proactively fosters strategic partnerships with
quick service restaurants and multiplex players.
Based on the above Case Scenario, answer the Multiple Choice Questions which are as follows:
(1) Match the columns in respect of the following elements of the strategic intent and their
descriptions:
Column A Column B
(i) Vision (a) Product-Market Configuration
(ii) Business Model (b) The way business is conducted
(iii) Business Definition (c) Aspiration for a desired future
(iv) Mission (d) The scope of Business
(a) (i)-(a); (ii)-(b); (iii)-(c); (iv)-(d)
(b) (i)-(b); (ii)-(c); (iii)-(d); (iv)-(a)
(c) (i)-(c); (ii)-(b); (iii)-(d); (iv)-(a)
5

(d) (i)-(d); (ii)-(c): (iii)-(b); (iv)-(a) (2 Marks)
(2) State the two dimensions implied by portfolio approach to strategy formulation in Trepsico
Trito’s experiences are:
(a) Vision and Mission
(b) Food Business and Beverages Business
(c) Market Growth and Relative Market Share
(d) Performance and Purpose (1 Mark)
(3) The business/ product portfolio classification implied by BCG Matrix comprises which of the
following combinations?
(a) Growth; Stability; Retrenchment; Turnaround
(b) Weakness-Threat; Weakness-Opportunity; Strength-Opportunity; Strength-Threat
(c) Cash-Cows; Stars; Question Marks; Dogs
(d) Market Penetration; Product Development; Market Development; Diversification
(1 Mark)
(4) Which of the following may be cited as instances of collaborative approach/ strategic
alliance Trepsico Trito follows in its strategy?
(a) Diversification from carbonated drinks to fruit juices
(b) Diversification from fried to baked chips
(c) Partnerships with quick service restaurants and multiplexes
(d) Diversification into breakfast cereals (1 Mark)
(5) Which of the following is the most correct corporate level strategic alternative by the overall
strategic direction evident from Trepsico Trito’s corporate strategy?
(a) Growth/Expansion strategy
(b) Stability strategy
(c) Retrenchment strategy
(d) Turnaround strategy (1 Mark)
(B) Human resource management has been accepted as a strategic partner in the formulation of
organization’s strategies and in the implementation of such strategies through human resource
planning, employment, training, appraisal and reward systems. Factors that influence on
employee competence are:
i. Recruitment and selection
ii. Training
iii. Appraisal of performance
iv. Compensation
(a) i, ii & iii
(b) ii, iii & iv
(c) i, ii, iii & iv
(d) iii & iv (2 Marks)

(C) Perscopter, a manufacturer of private helicopter offers unique features that fullfill the demands of
a narrow market. It competes in market based on its uniqueness and custom-oriented private
helicopters. Perscopter provides limited number of high-end helicopters with ultimate features.
Which business strategy is being followed by Perscopter?
(a) Differentiation
(b) Focused differentiation
(c) Cost leadership
(d) Focused cost leadership (2 Marks)
(D) Which of the following is more radical organisation design and is also called as non-structure
which virtually eliminates in-house business functions and outsources many of them?
(a) Network structure
(b) Strategic business unit
(c) Hourglass structure
(d) Simple structure (1 Mark)
(E) The process of creating, maintaining, and enhancing strong, value-laden relationships with
customers and other stakeholder is:
(a) Social marketing
(b) Augmented marketing
(c) Direct marketing
(d) Relationship marketing (1 Mark)
(F) Gennex industries are analyzing the technological forces for the firm which may provide it
opportunities and threats for which of the following stage/s of strategic management process?
(a) Strategy formulation
(b) Strategy implementation
(c) Strategy evaluation
(d) All of the above (1 Mark)
(G) Strategic management allows an organization to be more:
(a) Authoritative
(b) Participative
(c) Commanding
(d) Proactive (1 Mark)
(H) Which of the following is correct?
(a) Strategy is always pragmatic and not flexible
(b) Strategy is not always perfect, flawless and optimal
(c) Strategy is always perfect, flawless and optimal
(d) Strategy is always flexible but not pragmatic (1 Mark)
7

2. Dr. Raman has been running a nursing home for about twenty two years now, and has gained enormous
name for his benevolence in Balram district of Chhattisgarh. Recently, his daughter, Dr. Radhika
completed her medicine degree from the United States of America and returned to her hometown to be a
part of her father’s practice. She has been given the baton to promote modern medicine and retain the
local skilled youth in their practice. However, their nursing home’s skilled youth has been more inclined
to E-Commerce employment opportunities. Dr. Radhika has taken it as a challenge to imbibe the very
essence of service in them, by being employed as nurses and caretakers of the ill. This shall be very
crucial in growing the practice as desired. Which of the following phases of Kurt Lewin’s Model of
Change will be most challenging for Dr. Radhika to strategically positioning her father’s nursing home?
(5 Marks)
3. (a) What is a strategic business unit? What are its advantages? (5 Marks)
(b) Explain the prominent areas where the human resource manager can play a strategic role.
(5 Marks)
4. (a) Are there any limitations attached to strategic management in organizations? Discuss. (5 Marks)
(b) Write a short note on the concept of competitive advantage. (5 Marks)
5. (a) “Strategic decisions are different in nature than all other decisions.” In the light of this statement,
explain any three major dimensions of strategic decisions. (5 Marks)
(b) Explain in brief the reasons to adopt turnaround strategy. (5 Marks)
6. (a) Distinguish between cost leadership and differentiation strategies. (5 Marks)
(b) “Firms can use benchmarking process to achieve improvement in diverse range of management
functions.” Elucidate. (5 Marks)

Test Series: May, 2020
MOCK TEST PAPER 1
ANSWERS
Division A: MULTIPLE CHOICE QUESTIONS (Answers 1-4 based on Case Scenario)
1. (a) Helps to take action needed to measure quality

2. (c)
3. (c) Database Analyst

4. (b) Section 66-C
5. (b) Buyer Aggregator
6. (a) Application Layer
7. (a) Internet Banking Channel Server
8. (b) Section 134
9. (a) Contra
10. (b) It uses minimal memory.
Division B: DESCRIPTIVE ANSWERS
1. (a) Corrective Controls are used to correct errors, omissions or incidents once they have been
detected. The main characteristics of the corrective controls are as follows:
• Minimizing the impact of the threat;
• Identifying the cause of the problem;
• Providing Remedy to the problems discovered by detective controls;
• Getting feedback from preventive and detective controls;
• Correcting error arising from a problem; and
• Modifying the processing systems to minimize future occurrences of the incidents.
(b) Credit Risk is the risk that an asset or a loan becomes irrecoverable in the case of outright
default, or the risk of an unexpected delay in the servicing of a loan. Since bank and borrower
usually sign a loan contract, credit risk can be considered a form of counterparty risk.
2. (a) The software modules included in Enterprise Resource Planning (ERP) are as follows:
• Manufacturing: Some of the functions include engineering, capacity, workflow
management, quality control, bills of material, manufacturing process, etc.
• Financials: Accounts payable, accounts receivable, fixed assets, general ledger and cash
management, etc.
1

• Human Resources: Benefits, training, payroll, time and attendance, etc.
• Supply Chain Management: Inventory, supply chain planning, supplier scheduling, claim
processing, order entry, purchasing, etc.
• Projects: Costing, billing, activity management, time and expense, etc.
• Customer Relationship Management (CRM): CRM is a term applied to processes
implemented by a company to handle its contact with its customers. CRM software is used
to support these processes, storing information on current and prospective customers.
Information in the system can be accessed and entered by employees in different
departments, such as sales, marketing, customer service, training, professional
development, performance management, human resource development, and compensation.
• Data Warehouse: This is a module that can be accessed by an organizations customers,
suppliers and employees. Data warehouse is a repository of an organization’s electronically
stored data. Data warehouses are designed to facilitate reporting and analysis. An
expanded definition for data warehousing includes business intelligence tools, tools to
extract, transform, and load data into the repository, and tools to manage and retrieve
metadata. Data warehouses are operational systems which perform day-to-day transaction
processing. The process of transforming data into information and making it available to the
user in a timely enough manner to make a difference is known as data warehousing.
(b) Mobile Applications are small piece of software developed specifically for the operating systems of
handheld devices such as mobile phones, PDAs and Tablet computers. Mobile Apps can come
preloaded on handheld devices or can be downloaded by users from the app stores over the
Internet. The e-commerce architecture that will run on mobile app is via M-Commerce (Mobile
Commerce) that enables users to access the Internet without needing to find a place to plug in. It
has following three layers:
1. Client / User Interface: This layer helps the e-commerce customer connect to e-commerce
merchant. It includes Web Server, Web Browser and Internet. For example: If an user buys
a mobile phone from an e-commerce merchant it includes -User, Web Browser (Internet
Explorer/Chrome) & Web Server.
2. Application Layer: Through these application’s customer logs to merchant systems. This layer
allows customer to check the products available on merchant’s website. It includes Application
Server and Back End Server. For example - E-merchant, Reseller, Logistics partner.
3. Database Layer: This layer is accessible to user through application layer. It includes the
information store house, where all data relating to products and price is kept.
3. (a) The Benefits of Big Data Processing are as follows:
(I) Ability to process Big Data brings in multiple benefits, such as-
• Businesses can utilize outside intelligence while taking decisions.
• Access to social data from search engines and sites like Facebook, Twitter are enabling
organizations to fine tune their business strategies.
• Early identification of risk to the product/services, if any
(II) Improved customer service
• Traditional customer feedback systems are getting replaced by new systems designed
with Big Data technologies. In these new systems, Big Data and natural language
2

processing technologies are being used to read and evaluate consumer responses.
(III) Better operational efficiency
• Integration of Big Data technologies and data warehouse helps an organization to
offload infrequently accessed data, this leading to better operational efficiency.
(b) The different types of documentary evidence used in Inventory Module are as follows:
• Purchase Order- For recording of a purchase order raised on a vendor.
• Sales Order- For recording of a sales order received from a customer.
• Stock Journal- For recording of physical movement of stock from one location to another.
• Physical Stock-For making corrections in stock after physical counting.
• Delivery Note- For recording of physical delivery of goods sold to a customer.
• Receipt Note- For recording of physical receipt of goods purchased from a vendor.
4. (a) The risks associated in E-Business Environment are as follows:
(i) Privacy and Security: There are often issues of security and privacy due to lack of
personalized digital access and knowledge.
(ii) Quality issues: There are quality issues raised by customers as the original product differs
from the one that was ordered.
(iii) Delay in goods and Hidden Costs: When goods are ordered from another country, there
are hidden costs enforced by Companies.
(iv) Needs Access to internet and lack of personal touch: The e-commerce requires an
internet connection which is extra expensive and lacks personal touch.
(v) Security and credit card issues: There is cloning possible of credit cards and debit cards
which pose a security threat.
(vi) Infrastructure: There is a greater need of not only digital infrastructure but also network
expansion of roads and railways which remains a substantial challenge in developing
countries.
(vii) Problem of anonymity: There is need to identify and authenticate users in the virtual global
market where anyone can sell to or buy from anyone, anything from anywhere.
(viii) Repudiation of contract: There is possibility that the electronic transaction in the form of
contract, sale order or purchase by the trading partner or customer maybe denied.
(ix) Lack of authenticity of transactions: The electronic documents that are produced during
an e-Commerce transaction may not be authentic and reliable.
(x) Data Loss or theft or duplication: The data transmitted over the Internet may be lost,
duplicated, tampered with or replayed.
(xi) Attack from hackers: Web servers used for e-Commerce maybe vulnerable to hackers.
(xii) Denial of Service: Service to customers may be denied due to non-availability of system as
it may be affected by viruses, e-mail bombs and floods.
(xiii) Non-recognition of electronic transactions: e-Commerce transactions, as electronic
records and digital signatures may not be recognized as evidence in courts of law.

(xiv) Lack of audit trails: Audit trails in e-Commerce system may be lacking and the logs may
be incomplete, too voluminous or easily tampered with.
(xv) Problem of piracy: Intellectual property may not be adequately protected when such
property is transacted through e-Commerce.
(b) Control Activities are the actions established through policies and procedures that help ensure
that management’s directives to mitigate risks related to financial statement audit and to the
achievement of objectives are carried out. Control activities are performed at all levels of the
entity, at various stages within business processes, and over the technology environment. They
may be preventive or detective in nature and may encompass a range of manual and automated
activities such as authorizations and approvals, verifications, reconciliations and business
performance reviews.
The control activities include the elements that operate to ensure transactions are authorized,
duties are segregated, adequate documents and records are maintained, assets and records are
safeguarded, and independent checks on performance and valuation of records. Internal auditors
are also concerned with administrative controls to achieve effectiveness and efficiency
objectives. Control activities must be developed to manage, mitigate, and reduce the risks
associated with each business process. It is unrealistic to expect to eliminate risks completely.
5. (a) The benefits of Automating Business Processes are as follows:
♦ Quality and Consistency: Ensures that every action is performed identically - resulting in
high quality, reliable results and stakeholders will consistently experience the same level of
service.
♦ Time Saving: Automation reduces the number of tasks employees would otherwise need to
do manually. It frees up time to work on items that add genuine value to the business,
allowing innovation and increasing employees’ levels of motivation.
♦ Visibility: Automated processes are controlled and they consistently operate accurately
within the defined timeline. It gives visibility of the process status to the organization.
♦ Improved Operational Efficiency: Automation reduces the time it takes to achieve a task,
the effort required to undertake it and the cost of completing it successfully. Automation not
only ensures systems run smoothly and efficiently, but that errors are eliminated and that
best practices are constantly leveraged.
♦ Governance & Reliability: The consistency of automated processes means stakeholders
can rely on business processes to operate and offer reliable processes to customers,
maintaining a competitive advantage.
♦ Reduced Turnaround Times: This relates to elimination of unnecessary tasks and
realignment process steps to optimize the flow of information throughout production,
service, billing and collection. This adjustment of processes distils operational performance
and reduces the turnaround times for both staff and external customers.
♦ Reduced Costs: Manual tasks, given that they are performed one-at-a-time and at a slower
rate than an automated task, will cost more. Automation allows us to accomplish more by
utilizing fewer resources.
(b) Mobile Banking, Internet banking and Phone banking can be understood as follows:
• Internet Banking also known as Online Banking, is an electronic payment system that
enables customers of a bank or other financial institution to conduct a range of financial
4

transactions through the financial institution's website. The online banking system offers
over 250+ services and facilities that give us real-time access to our bank account. We can
make and receive payments to our bank accounts, open Fixed and Recurring Deposits, view
account details, request a cheque book and a lot more, while we are online.
• Mobile Banking is a service provided by a bank or other financial that allows its customers
to conduct financial institution that allows its customers to conduct financial transactions
remotely using a mobile device such as a Smartphone or tablet. Unlike the related internet
banking, it uses software, usually called an app, provided by the financial institution for the
purpose. Mobile banking is usually available on a 24-hour basis.
• Phone Banking is a functionality through which customers can execute many of the
banking transactional services through Contact Centre of a bank over phone, without the
need to visit a bank branch or ATM. Registration of Mobile number in account is one of the
basic pre-requisite to avail Phone Banking. The use of telephone banking services,
however, has been declining in favour of internet banking. Account related information,
Cheque Book issue request, stop payment of cheque, Opening of Fixed deposit etc. are
some of the services that can be availed under Phone Banking.

SUGGESTED ANSWERS/HINTS
1. (A)
(1) (2) (3) (4) (5)
(c) (c) (c) (c) (a)
(B) (c)
(C) (b)
(D) (a)
(E) (d)
(F) (d)
(G) (d)
(H) (b)
2. Kurt Lewin’s Model of Change proposes three phases of change process to make the change lasting.
They are Compliance, Identification and Internalization.
For Dr. Radhika, Compliance and Identification will not a big challenge, as her father has been one of
the most sort after personalities serving the ill in their district. And her return from the USA to serve her
country, especially her district, will help the workforce identify her as a role model and there would
actually be no need for compliance, i.e. Reward and Punishment for bringing about a change.
However, the new lucrative E-Commerce employment opportunities will have to be fought through
Internalization, i.e. internal changing of the individual’s thought process, to give them freedom to learn
and succeed. Thus, Internalization will be the most challenging phase.
3. (a) A strategic business unit (SBU) is any part of a business organization which is treated separately
for strategic management purposes. The concept of SBU is helpful in creating an SBU
organizational structure. It is discrete element of the business serving product markets with readily
identifiable competitors and for which strategic planning can be concluded. It is created by adding
another level of management in a divisional structure after the divisions have been grouped under
a divisional top management authority based on the common strategic interests.
Advantages of SBU are:
♦ Establishing coordination between divisions having common strategic interests.
♦ Facilitates strategic management and control on large and diverse organizations.
♦ Fixes accountabilities at the level of distinct business units.
♦ Allows strategic planning to be done at the most relevant level within the total enterprise.
♦ Makes the task of strategic review by top executives more objective and more effective.
♦ Helps allocate corporate resources to areas with greatest growth opportunities.

(b) Prominent areas where the Human Resource Manager can play strategic role are as follows:
1. Providing purposeful direction: The human resource manager leads people and the
organization towards the desired direction involving people. He can ensure harmony between
organisational objectives and individual objectives.
2. Creating competitive atmosphere: In the present business environment, maintaining
competitive position or gains is an important objective of any business. Having a highly
committed and competent workforce is very important for getting a competitively
advantageous position.
3. Facilitation of change: The human resource manager will be more concerned about
furthering the organization not just maintaining it. He can devote more time to promote
acceptance of change rather than maintaining the status quo.
4. Managing workforce diversity: In a modern organization, management of diverse workforce
is a great challenge. Workforce diversity can be observed in terms of male and female, young
and old, educated and uneducated, unskilled and professional employee and so on.
Motivation, maintaining morale and commitment are some of the key tasks that a HR manager
can perform.
5. Empowerment of human resources: Empowerment involves giving more power to those
who, at present, have little control on what they do and little ability to influence the decisions
being made around them.
6. Building core competency: The human resource manager has an important role to play in
developing core competency of the firm. A core competence is a unique strength of an
organization which may not be shared by others. Organization of business around core
competence implies leveraging the limited resources of a firm.
7. Development of works ethics and culture: A vibrant work culture will have to be developed
in the organizations to create an atmosphere of trust among people and to encourage creative
ideas by the people.
4. (a) The presence of strategic management cannot counter all hindrances and always achieve success.
There are limitations attached to strategic management. These can be explained in the following
lines:
♦ Environment is highly complex and turbulent. It is difficult to understand the complex
environment and exactly pinpoint how it will shape-up in future. The organisational estimate
about its future shape may awfully go wrong and jeopardise all strategic plans.
♦ Strategic management is a time-consuming process. Organisations spend a lot of time in
preparing, communicating the strategies that may impede daily operations and negatively
impact the routine business.
♦ Strategic management is a costly process. Strategic management adds a lot of expenses to
an organization. Expert strategic planners need to be engaged, efforts are made for analysis
of external and internal environments devise strategies and properly implement. These can
be really costly for organisations with limited resources.
♦ In a competitive scenario, where all organisations are trying to move strategically, it is difficult
to clearly estimate the competitive responses to a firm’s strategies.

(b) Competitive advantage is the position of a firm to maintain and sustain a favorable market position
when compared to the competitors. Competitive advantage is ability to offer buyers something
different and thereby providing more value for the money. It is achieved advantage over rivals when
a company’s profitability is greater than average profitability of firms in its industry. It is the result
of a successful strategy. This position gets translated into higher market share, higher profits when
compared to those that are obtained by competitors operating in the same industry. Competitive
advantage may also be in the form of low cost relationship in the industry or being unique in the
industry along dimensions that are widely valued by the customers in particular and the society at
large.
5. (a) Decision-making is a managerial process and a function of choosing a particular course of action
out of several alternative courses for the purpose of accomplishment of the organizational goals.
Strategic decisions are different in nature than all other decisions which are taken at various levels
of the organization during their day-to-day working. The major dimensions of strategic decisions
are given below:
1. Strategic issues require top-management decisions. Strategic issues involve thinking in
totality of the organizations and there is lot of risk involved.
2. Strategic issues involve the allocation of large amounts of company resources - financial,
technical, human etc.
3. Strategic issues are likely to have a significant impact on the long-term prosperity of the firm.
4. Strategic issues are future oriented.
5. Strategic issues usually have major multifunctional or multi-business consequences.
6. Strategic issues necessitate consideration of factors in the firm’s external environment.
(b) Reasons to adopt Turnaround Strategy:
1. Turnaround is needed when an enterprise's performance deteriorates to a point that it needs
a radical change of direction in strategy, and possibly in structure and culture as well.
2. It is a highly targeted effort to return an organization to profitability and increase positive cash
flows to a sufficient level.
3. It is used when both threats and weaknesses adversely affect the health of an organization
so much that its basic survival is difficult.
4. The overall goal of turnaround strategy is to return an underperforming or distressed company
to normalcy in terms of acceptable levels of profitability, solvency, liquidity and cash flow.
5. To achieve its objectives, turnaround strategy must reverse causes of distress, resolve the
financial crisis, achieve a rapid improvement in financial performance, regain stakeholder
support, and overcome internal constraints and unfavourable industry characteristics.
6. (a) According to Porter, strategies allow organizations to gain competitive advantage from three
different bases: cost leadership, differentiation, and focus. Cost leadership emphasizes producing
standardized products at a very low per-unit cost for consumers who are price-sensitive.
Differentiation is a strategy aimed at producing products and services considered unique industry
wide and directed at consumers who are relatively price-insensitive.
A primary reason for pursuing forward, backward, and horizontal integration strategies is to gain
cost leadership benefits. But cost leadership generally must be pursued in conjunction with
differentiation. Different strategies offer different degrees of differentiation. A differentiation
8

strategy should be pursued only after a careful study of buyers’ needs and preferences to
determine the feasibility of incorporating one or more differentiating features into a unique product.
A successful differentiation strategy allows a firm to charge a higher price for its product and to
gain customer loyalty.
(b) Benchmarking is a process of finding the best practices within and outside the industry to which an
organisation belongs. Knowledge of the best practices helps in setting standards and finding ways
to match or even surpass own performances with the best performances.
Benchmarking is a process of continuous improvement in search for competitive advantage. Firms
can use benchmarking process to achieve improvement in diverse range of management function
such as mentioned below:
• Maintenance operations,
• Assessment of total manufacturing costs,
• Product development,
• Product distribution,
• Customer services,
• Plant utilisation levels; and
• Human resource management.

Test Series: October, 2020
MOCK TEST PAPER
INTERMEDIATE (IPC): GROUP – II
Part I: Multiple Choice Questions
Question Nos. 1 to 5 belong to the case scenario and carries 2 marks each.
Fit&Fine is one of the renowned gymnasium in South Delhi established in 2016. The gym is very famous for
its health services, latest equipment, cordial environment, and experts. The Fit&Fine gym management has
excellent arrangement for its customers as well as employees. A Dietician and a physician are also associated
with gym during the gym timings of 5:00 am to 10:00 pm all days.
On the occasion of Diwali in 2019, the gym also launched an online Fit&Fine Gym Aggregator service
application to reach out and get connected to more customers through various gyms located in West and
North Delhi. For its new e-business as online gym aggregator, Fit&Fine entered into various electronic
agreements with many other gyms in West Delhi and North Delhi prescribing the specific terms and conditions
of the agreement. All these gyms associated with Fit&Fine are required to provide fitness related best services
to its customers.
The services of various associated gyms can be availed by the customers either through the Gym Aggregator
service application or through physical visit at the registered gyms in the app by paying onetime membership
fees of ` 3000 and gets unique membership id and PIN number to avail the facilities. A member can either
book for his/her physical visit or online session with any of these registered gyms associated with Fit&Fine
using the membership id.
1. Though Fit&Fine gym and other registered gyms have excellent arrangements for health and safety of
its employees; yet the management of the gym remains concerned about any negligence that may occur
and the risks that can expose it to various fines and penalties posed by any regulatory agency. Which
type of business risk is the management here referring to?
(a) Strategic Risk
(b) Regulatory Risk
(c) Hazard Risk
(d) Operational Risk
2. The IT team managing the Fit&Fine Gym Aggregator application manages the MIS Report on various
parameters like – number of bookings for online sessions/physical meetings done each day, joining of
new members per month etc. The information so extracted through these MIS reports have following
criterions except one. Identify it.
(a) Relevant
(b) Accurate
(c) Timely
(d) Confidential
1

3. Fit&Fine gym provides Unique Id and PIN number as an access control mechanism to its customers to
avail the facilities provide through Gym aggregator service app. From the following controls, identify the
Application control under which this specific access control mechanism falls.
(a) Physical Control
(b) Boundary Control
(c) Communication Control
(d) Management Control
4. In purview of above case scenario, there can be a possibility that any registered gym with Fit&Fine Gym
aggregator online service may violate the terms and conditions of the agreement done between the two.
Which type of risk is associated with this e-Commerce transaction?
(a) Lack of authenticity of transaction
(b) Problem of anonymity
(c) Repudiation of contract
(d) Privacy and security
5. In purview of above case scenario, customer can pay its membership fees through credit card to
Fit&Fine. Which risk is taken care in case the banking system key control is established that transaction
cannot be made if the aggregate limit of outstanding amount exceeds the credit limit assigned to
customer?
(a) Credit Line setup is unauthorized and not in line with the bank’s policy.
(b) Credit Line setup can be breached.
(c) Masters defined for the customer are not in accordance with the Pre-Disbursement Certificate.
(d) Inaccurate reconciliations performed. (2 x 5 = 10 Marks)
Question Nos. 6 to 10 carries 1 mark each.
6. Identify from the following controls of Information System that deals with organization’s policies,
procedure and planning.
(a) Management Controls
(b) Environmental Controls
(c) Access Controls
(d) Physical Controls
7. Mr. Neeraj is working on a project on healthcare system where he has to perform data mining on the
database of patients of last five years in ABC Hospital. The hospital provided him inconsistent data with
lots of errors and missing values. He has to apply various techniques to get rid of these anomalies.
Identify from the following process which he can use to get rid of these anomalies.
(a) Data Cleaning
(b) Data Selection
(c) Data Integration
(d) Data Transformation

8. Mr. X and Mr. Y are employees of XYZ Ltd. In the office during lunch time when Mr. Y was not on his
seat, Mr. X stole the pen drive of Mr. Y containing some confidential information from his system. Under
which of the following section of Information Technology Act, 2000, is Mr. X punishable?
(a) Section 66B
(b) Section 66C
(c) Section 66D
(d) Section 43
9. Which of the following is not true about cloud computing?
(a) Data and information can be accessed with minimal upfront spending in a pay-as-you-go approach.
(b) Getting more work done in less time with less resources are possible.
(c) Customers may have to face restrictions on the availability of applications, operating systems and
infrastructure options.
(d) It is feasible to confine within budgetary allocations and can be ahead of completion cycle times.
10. The risk management strategy that is followed by an organization in case the impact and probability of
risk is very low. Which type of the risk management strategy would be followed in this case?
(a) Tolerate the risk.
(b) Terminate the risk.
(c) Share the risk.
(d) Treat the risk. (1 x 5 = 5 Marks)
Part II: Descriptive Questions
1. (a) Identify the controls that are designed to detect errors, omissions or malicious acts that occur and
report the occurrence and explain them. (3 Marks)
(b) Define the Process of Money Laundering. (2 Marks)
2. (a) Mr. X is the chief manager of ABC Ltd. - a shoe manufacturing company in New Delhi. He has put
a proposal to top management to implement ERP system to enhance the quality in production
across processes in company. The management asked him to prepare a report on how the quality
management module of ERP would help the company to accelerate its business processes.
Describe all the points that Mr. X may write in his report regarding quality Management Module of
ERP. (6 Marks)
(b) Mr. G has started his new business of homemade biscuits and cookies through online mode. He
has a website having detail of all its products and payment gateway. Identify different ways that
should be followed by him to protect his e-business from intrusion? (4 Marks)
3. (a) DEF Ltd., a wealth Management Company has its head office in Bengaluru and wants to set up a
new office at Mumbai. For the new setup, the DEF Ltd.’s managerial controls are required to be
enforced to ensure that the development, implementation, operation and maintenan ce of
information systems at Mumbai office is in planned and controlled manner. Determine all the
activities that deal with the Systems Development Management Controls that are responsible for

the functions concerned with analyzing, designing, building, implementing and maintaining
information systems. (6 Marks)
(b) The organizations implementing ERP systems should keep abreast of the latest technological
developments and implementation which is required to survive and thrive. Enlist all the risks
associated with technological aspect of an ERP system. (4 Marks)
4. (a) Mr. Amar runs a grocery shopping centre and uses only cash mode for the payments from his
customers. However, on regular demand of his customers, he wants to use digital mode of payment
also. As a novice, he worries about the security and hassles involved in digital mode of payment
as well. Enlist advantages and disadvantages of digital mode of payment for him to make him better
understand it. (6 Marks)
(b) ABC Company is having Internal Control System that provides it reasonable assurance about the
achievement of ABC’s objectives regarding reliability of financial reporting, effectiveness and
efficiency of operations. However, the company is not able to achieve its objectives. Write the
limitations of Internal Control System that hinder the success of ABC Company. (4 Marks)
5. (a) J&J Pvt. Ltd. wants to start its e-business in India. Enlist the positive impacts of IT Act, 2000 in
perspective of e-commerce in India that would help J&J Pvt. Ltd. to promote their business.
(6 Marks)
(b) ABC is a newly established financial company that wants to obtain ISO 27001 certificate for
information security to mitigate the risks of information technology. Write all the sub -processes
included in implementation of Information Security. (4 Marks)

1. (A) Aero Mind Bridge Technologies Ltd (AMBTL) is a software development company work as a
solution provider to airlines industry. The company was established more than a decade ago by
Mr. Pranshu Gupta having experience of working in United States of America (USA). His
entrepreneurial desires brought him back to India to promote Aero Mind Bridge Technologies Ltd
(AMBTL). The company started its operations with a meagre capital of ` 10 lakhs with limited
workforce. Currently, it enjoys a valuation of more than ` 50 crores. Almost everybody
acknowledged the competency of AMBTL in developing customised software for the airlines
industry.
The high growth of the company was mainly on account of the heavy inflows of the funds in the
airlines industry from various big business houses that have diversified into airlines industry.
Currently, these business houses were in the manufacturing of FMCG, textiles, packaging etc.
and having good expertise and uniqueness in these industries.
However, AMBTL saw stagnation in last three years. The order position was shrinking day by
day. The margins were also reducing. Last year was particularly bad for the AMBTL and its
annual sales reduced by 20 % for the first time since its inception.
Most of the business houses that had entered in the airlines industry had less knowledge and
experience in the industry. However, their desire to diversify and seeing new opportunity in the
airlines industry prompted them to invest heavily into the industry.
However, things did not turn out to be as expected. The tough competition between several
players, reduction in the fare by railways and high prices of aviation fuel created problems for the
industry. The sector was not able to generate reasonable profits thus resulting difficulty in
maintaining operations. They were in need for hard to come by capital. Lately, the airlines
industry is witnessing some consolidation with companies planning for mergers or even
contemplating closures.
The general global recession also resulted in the reduction of travel expenditure of corporates
resulting in decrease in the order position of AMBTL.
Based on the above Case Scenario, answer the Multiple Choice Questions which are as follows:
Multiple Choice Questions (MCQs)
(i) Identify the nature of diversification by the business houses entering into airlines industry.
(a) Concentric diversification
(b) Conglomerate diversification
(c) Vertically integrated diversification
(d) Horizontal integrated diversification (1 Mark)
(ii) The big business houses were in the manufacturing of FMCG, textiles, packaging etc. and
having good expertise and uniqueness in these industries. But they are not performing well
in airlines industry because of
5

(a) Non availability of funds
(b) Incompetent workforce
(c) Rapid technological changes
(d) Lacking core competence (1 Mark)
(iii) According to Michael Porter’s model, identify the competitive pressures faced by airlines
industry as per the given scenario.
1. Competitive pressure among rival sellers
2. Competitive pressure from suppliers
3. Competitive pressure from substitute products
4. Competitive pressure from buyers
5. Competitive pressure from new entrants
Select the correct combination in the above scenario:
(a) 1, 2 & 3
(b) 1, 3 & 4
(c) 2, 3 & 5
(d) 1, 4 & 5 (1 Mark)
(iv) AMBTL can be identified as a Star as per BCG’s Growth Matrix, basis the rapid growth it
has shown to maintain market and fuel the growth potential. For last three years, AMBTL
turn into, as per the BCG matrix, when its growth slows down?
(a) Dog
(b) Question Mark
(c) Will remain a star
(d) Cash Cow (2 Marks)
(v) Mr. Pranshu Gupta as a core strategist of AMBTL, authorised for bringing about strategic
change in his company, how he will initiate “unfreezing of the situation”?
(a) Promoting new ideas throughout the organization
(b) Promoting compliance throughout the organization
(c) Promoting change in process throughout the organization
(d) None of the above (1 Mark)
(B) Members of Infinite Care, an NGO, have met and determined that they need to for mulate a
philosophical basis for their activities. Thereby they have come up with a statement: -
“Provide children till age 12, living in homeless or low-income situations, with the essential items
they need to thrive – at home, at school and at play”
Identify the area of strategic intent, which the members have stated?
(a) Vision
(b) Business Definition
(c) Goal and Objective

(d) Mission (2 Marks)
(C) Sport Spirit (SS) is a medium sized sports retailer. It currently operates three shops in the city at
centre locations. The management of Sport Spirit (SS) has a very careful recruitment policy; any
applicant must have a ‘passion for sport’. Which one of the following functional strategies would
best describe by SS?
(a) Human Resource Strategy
(b) Financial Strategy
(c) Operation Strategy
(d) Marketing Strategy (1 Mark)
(D) Dee Limited is an international clothing retailer. The company is making the following decisions:
i. Should another range of shops be established?
ii. Should the company float more share capital?
iii. How will the premises be fitted out for the new range of shops?
Which of the above decisions will be taken by corporate level managers?
(a) Only (i)
(b) Only (ii)
(c) (i) & (ii)
(d) (ii) & (iii) (1 Mark)
(E) ‘Strategic group mapping’ helps in-
(a) Identifying the strongest rival companies
(b) Identifying weakest rival companies
(c) Identifying weakest and strongest rival companies
(d) None of the above (1 Mark)
(F) Low cost, differentiation and focus are:
(a) SBU level strategies
(b) Corporate level strategies
(c) Business level strategies
(d) Functional level strategies (1 Mark)
(G) Supply chain refers to the linkages between:
(a) Suppliers
(b) Customers
(c) Manufacturers
(d) All the above (1 Mark)

(H) When two organisations combine to increase their strength and financial gains along with
reducing competition is called-----------.
(a) Hostile takeover
(b) Liquidation
(c) Merger
(d) Acquisition (1 Mark)
(I) Which of the following would be chosen by the core strategist to implement operational control?
(a) Premise Control
(b) Special Alert Control
(c) Implementation Control
(d) Budgetary Control (1 Mark)
2. Delta Co. is an organization specializing in Information Technology enabled Services (ITeS) and
Communications business. Last year, the organization had successfully integrated an Artificial
Intelligence (AI) tool named ‘Zeus’ into the existing ERP system. The AI tool, using Deep Learning
technique provided a digital leap transformation in various business processe s and operations. It has
significantly diminished the role played by specialist managers of the middle management. This
technological tool in addition to saving organizational costs by replacing many tasks of the middle
management has also served as a link between top and bottom levels in the organization and assists
in quick decision making. The skewed middle level managers now perform cross-functional duties.
Which type of organizational structure is the company transitioning into? (5 Marks)
3. (a) Write short note on expansion through acquisitions and mergers. (5 Marks)
(b) How would you argue that Research and Development Personnel are important for effective
strategy implementation? (5 Marks)
4. (a) What benefits accrue by following a strategic approach to managing? (5 Marks)
(b) Mission statement of a company focuses on the question: ‘who we are’ and ‘what we do’. Explain
briefly. (5 Marks)
5. (a) Identify three aspects of impact of IT Systems on Business Process Reengineering and list three
areas where it provides business value. (5 Marks)
(b) Distinguish between Cost Leadership and Differentiation Strategies. (5 Marks)
6. (a) Explain the concept of Experience Curve and highlight its relevance in strategic management.
(5 Marks)
(b) What is corporate culture? How is it both strength and weakness of an organisation? (5 Marks)

Test Series: October, 2020
MOCK TEST PAPER
ANSWERS
PART-I: MULTIPLE CHOICE QUESTIONS
1. (b) Regulatory Risk
2. (d) Confidential
3. (b) Boundary Control
4. (c) Repudiation of contract
5. (b) Credit Line setup can be breached.
6. (a) Management Control
7. (a) Data Cleaning
8. (a) Section 66B
9. (c) Customers may have to face restrictions on the availability of applications, operating systems and
infrastructure options.
10. (a) Tolerate the risk.
PART II: DESCRIPTIVE ANSWERS

1. (a) Detective Controls are designed to detect errors, omissions or malicious acts that occur and
report the occurrence. In other words, Detective Controls detect errors or incidents that elude
preventive controls. A detective control may identify account numbers of inactive accounts or
accounts that have been flagged for monitoring of suspicious activities. Detective controls can also
include monitoring and analysis to uncover activities or events that exceed authorized limits or
violate known patterns in data that may indicate improper manipulation. For sensitive electronic
communications, detective controls can indicate that a message has been corrupted or the
sender’s secure identification cannot be authenticated.
Some of the examples of Detective Controls include review of payroll reports; compare transactions
on reports to source documents; monitor actual expenditures against budget; use of automatic
expenditure profiling where management gets regular reports of spend to date against profiled
spend; hash totals; check points in production jobs; echo control in telecommunications; duplicate
checking of calculations; past-due accounts report; the internal audit functions; Intrusion Detection
System; Cash counts and bank reconciliation and Monitoring expenditures against budge ted
amount etc.
The main characteristics of Detective controls are given as follows:
 Clear understanding of lawful activities so that anything which deviates from these is reported
as unlawful, malicious, etc.;
 An established mechanism to refer the reported unlawful activities to the appropriate person
or group;

 Interaction with the preventive control to prevent such acts from occurring; and
 Surprise checks by supervisor.
(b) Money Laundering is the process by which the proceeds of the crime and the true ownership of
those proceeds are concealed or made opaque so that the proceeds appear to come from a
legitimate source. The objective in money laundering is to conceal the existence, illegal source, or
illegal application of income to make it appear legitimate. Money laundering is commonly used by
criminals to make ‘dirty’ money appear ‘clean’ or the profits of criminal activities are made to appear
legitimate.
2. (a) Quality Management module collaborates in procurement and sales, production, planning,
inspection, notification, control, audit management and so on. It involves the following processes.
 Quality Planning: Quality planning is the process of planning the production activities to
achieve the goals of meeting the customer requirements in time, within the available
resources.
 Quality Control: It is a system for ensuring the maintenance of proper standards in
manufactured goods, especially by periodic random inspection of the product. I t involves
the checking and monitoring of the process and products with an intention of preventing
non-conforming materials from going to the customer. Various result areas are identified
for each process and studies are conducted to verify whether those results are being
achieved.
 Quality Assurance: Quality assurance concentrates on identifying various processes,
their interactions and sequence, defining the objectives of each process, identifying the
key result areas and measures to measure the results, establishing the procedures for
getting the required results, documenting the procedures to enable everyone to follow the
same, educating the people to implement the procedures, preparing standard operating
instructions to guide the people on work spot, monitoring and measuring the performance,
taking suitable actions on deviations and continuously improving the systems.
 Quality Improvement: Quality improvement is a never-ending process. The customer’s
needs and expectations are continuously changing depending on the chang es in
technology, economy, political situation, ambitions and dreams, competition, etc.
(b) Some ways through which e- business can be protected from intrusion are as follows:
i. Viruses: Check your website daily for viruses, the presence of which can result in the loss of
valuable data.
ii. Hackers: Use software packages to carry out regular assessments of how vulnerable your
website is to hackers.
iii. Passwords: Ensure employees change these regularly and that passwords set by former
employees of your organization are defunct.
iv. Regular software updates: Your site should always be up to date with the newest versions
of security software. If you fail to do this, you leave your website vulnerable to attack.
v. Sensitive data: Consider encrypting financial information and other confidential data (using
encryption software). Hackers or third parties will not be able to access encrypted data without
a key. This is particularly relevant for any e-Commerce sites that use a shopping cart system.
vi. Know the details of your payment service provider contract.

3. (a) The activities that deal with the System Development Management controls are as follows:
♦ System Authorization Activities: All systems must be properly and formally authorized to
ensure their economic justification and feasibility. This requires that each new system request
be submitted in written form by users to systems professionals who have both the expertise
and authority to evaluate and approve (or reject) the request.
♦ User Specification Activities: Users must be actively involved in the systems development
process wherein a detailed written descriptive document of the logical needs of the users is
created.
♦ Technical Design Activities: The technical design activities translate the user specifications
into a set of detailed technical specifications of a system that meets the user’s needs.
♦ Internal Auditor’s Participation: The internal auditor should be involved at the inception of
the system development process to make conceptual suggestions regarding system
requirements and controls and should be continued throughout all phases of the development
process and into the maintenance phase.
♦ Program Testing: All program modules must be thoroughly tested before they are
implemented. The results of the tests are then compared against predetermined results to
identify programming and logic errors.
♦ User Test and Acceptance Procedures: Just before implementation, the individual modules
of the system must be tested as a unified whole. A test team comprising user personnel,
systems professionals, and internal audit personnel subjects the system to rigorous testing.
Once the test team is satisfied that the system meets its stated requirements, the system is
formally accepted by the user department(s).
(b) All the risks associated with Technological Aspect of an ERP system are as follows:
 Software Functionality: ERP systems offer a myriad of features and functions, however, not
all organizations require those many features. Implementing all the functionality and features
just for the sake of it can be disastrous for an organization.
 Technological Obsolescence: With the advent of more efficient technologies every day, the
ERP system also becomes obsolete as time goes on.
 Enhancement and Upgrades: ERP Systems are not upgraded and kept up-to-date. Patches
and upgrades are not installed and the tools are underutilised.
 Application Portfolio Management: These processes focus on the selection of new
business applications and the projects required delivering them.
4. (a) The Advantages of Digital Payments are as follows:
(i) Easy and convenient: Digital payments are easy and convenient. Person do not need to
take loads of cash with themselves.
(ii) Pay or send money from anywhere: With digital payment modes, one can pay from
anywhere anytime.
(iii) Discounts from taxes: Government announces many discounts to encourage digital
payments off and on.
(iv) Written record: User often forgets to note down his / her spending, or even if nothing is
done it takes a lot of time. These are automatically recorded in passbook or inside E -
Wallet app. This helps to maintain record, track spending and budget planning.
3

(v) Less Risk: Digital payments have less risk if used wisely. If user losses mobile phone or
debit/credit card or Aadhar card, no need to worry a lot. No one can use anyone else’s
money without MPIN, PIN or fingerprint in the case of Aadhar. It is advised that user
should get card blocked, if lost.
The disadvantages of Digital Payments are as follows:
(i) Difficult for a Non-technical person: As most of the digital payment modes are based on
mobile phone, the internet and cards. These modes are somewhat difficult for non -technical
persons such as farmers, workers etc.
(ii) The risk of data theft: There is a big risk of data theft associated with the digital payment.
Hackers can hack the servers of the bank or the E-Wallet a customer is using and easily get
his/her personal information. They can use this information to steal money from the
customer’s account.
(iii) Overspending: One keeps limited cash in his/her physical wallet and hence thinks twice
before buying anything. But if digital payment modes are used, one has an access to all
his/her money that can result in overspending.
(b) The limitations of Internal Control System that hinder the success of ABC Company are as follows:
♦ Management’s consideration that the cost of an internal control does not exceed the expected
benefits to be derived.
♦ The fact that most internal controls do not tend to be directed at transactions of unusu al
nature. The potential for human error, such as, due to carelessness, distraction, mistakes of
judgement and misunderstanding of instructions.
♦ The possibility of circumvention of internal controls through collusion with employees or with
parties outside the entity.
♦ The possibility that a person responsible for exercising an internal control could abuse that
responsibility, for example, a member of management overriding an internal control.
♦ Manipulations by management with respect to transactions or estimates and judgements
required in the preparation of financial statements.
5. (a) The Positive impacts of IT Act, 2000 in perspective of e-commerce in India are as follows:
♦ The Act offers the legal framework for the authentication and origin of electronic
records/communications through digital signatures.
♦ The implications for the e-businesses would be that email would now be a valid and legal form
of communication in India that can be duly produced and approved in a court of law.
♦ Companies shall now be able to carry out electronic commerce using the legal infrastructure
provided by the Act.
♦ Digital signatures have been given legal validity and sanction in the Act.
♦ The Act throws open the doors for the entry of corporate companies in the business of being
Certifying Authorities for issuing Digital Signatures Certificates.
♦ The Act now allows Government to issue notification on the web thus heralding e-governance.
♦ The Act enables the companies to file any form, application or any other document with any
office, authority, body or agency owned or controlled by the appropriate Government in

electronic form by means of such electronic form as may be prescribed by the appropriate
Government.
♦ The IT Act also addresses the important issues of security, which are so critical to the success
of electronic transactions.
♦ The Act has given a legal definition to the concept of secure digital signatures that would be
required to have been passed through a system of a security procedure, as stipulated by the
Government at a later date.
(b) Information security is comprised of the following sub-processes:
 Information Security Policies, Procedures and practices: Refers to the processes relating
to approval and implementation of information security. The security policy is basis on which
detailed procedures and practices are developed and implemented at various
units/department and layers of technology, as relevant. These cover all key areas of securing
information at various layers of information processing and ensure that information is made
available safely and securely.
 User Security Administration: Refers to security for various users of information systems.
The security administration policy documents define how users are created and granted
access as per organization structure and access matrix. It also covers the complete
administration of users right from creation to disabling of users is defined as part of security
policy.
 Application Security: Refers to how security is implemented at various aspects of application
right from configuration, setting of parameters and security for transactions through various
application controls.
 Database Security: Refers to various aspects of implementing security for the database
software.
 Operating System Security: Refers to security for operating system software which is
installed in the servers and systems which are connected to the servers.
 Network Security: Refers to how security is provided at various layers of network and
connectivity to the servers.
 Physical Security: Refers to security implemented through physical access controls.

1. (A)
(i) (ii) (iii) (iv) (v)
(b) (d) (a) (d) (a)
(B) (d)
(C) (a)
(D) (c)
(E) (c)
(F) (c)
(G) (d)
(H) (c)
(I) (d)
2. The Delta company is transitioning into the hourglass organization structure because it has used
technological tools to transform various business processes and operations and has significantly
diminished the role played by specialist managers of the middle management. The technological tool in
addition to saving organizational costs by replacing many tasks of the middle management has also served
as a link between top and bottom levels in the organization and assists in faster decision making. The
skewed middle level managers now perform cross-functional duties. All these factors indicate towards
hourglass organization structure.
3. (a) Acquisitions and mergers are basically combination strategies. Some organizations prefer to
grow through mergers. Merger is considered to be a process when two or more companies come
together to expand their business operations. In such a case the deal gets finalized on friendly
terms and both the organizations share profits in the newly created entity. In a merger , two
organizations combine to increase their strength and financial gains along with breaking the trade
barriers.
When one organization takes over the other organization and controls all its business operations,
it is known as acquisition. In this process of acquisition, one financially strong organiza tion
overpowers the weaker one. Acquisitions often happen during recession in economy or during
declining profit margins. In this process, one that is financially stronger and bigger establishes it s
power. The combined operations then run under the name of the powerful entity. A deal in case
6

of an acquisition is often done in an unfriendly manner, it is more or less a forced association
where the powerful organization either consumes the operation or a company in loss is forced to
sell its entity.
(b) Research and Development (R&D) personnel can play an integral part in strategy
implementation. These individuals are generally be charged with developing new products and
improving old products in a way that will allow effective strategy implementation. R&D employees
and managers perform tasks that include transferring complex technology, adjusting processes to
local raw materials, adapting processes to local markets, and altering products to particular
tastes and specifications.
Strategies such as product development, market penetration, and concentric diversification
require that new products be successfully developed and that old products be significantly
improved. But the level of management support for R&D is often constrained by resource
availability.
4. (a) The following are the benefits of strategic approach to managing:
 Strategic management helps organisations to be more proactive instead of reactive in shaping
its future. Organisations are able to analyse and take actions instead of being mere spectators.
Thereby they are able to control their own destiny in a better manner. It helps them in working
within vagaries of environment and shaping it, instead of getting carried away by its turbulence
or uncertainties.
 Strategic management provides framework for all the major decisions of an enterprise such as
decisions on businesses, products, markets, manufacturing facilities, investments and
organisational structure. It provides better guidance to entire organisation on the crucial point -
what it is trying to do.
 Strategic management is concerned with ensuring a good future for the firm. It seeks to prepare
the corporation to face the future and act as pathfinder to various business opportunities.
Organisations are able to identify the available opportunities and identify ways and means as
how to reach them.
 Strategic management serves as a corporate defence mechanism against mistakes and pitfalls.
It helps organisations to avoid costly mistakes in product market choices or investments. Over a
period of time strategic management helps organisation to evolve certain core competencies and
competitive advantages that assist in its fight for survival and growth.
(b) A company’s mission statement is typically focused on its present business scope — “who we are
and what we do”; mission statements broadly describe an organizations present capability,
customer focus activities and business makeup. An organisation’s mission states what customers
it serves, what need it satisfies, and what type of product it offers. It is an expression of the
growth ambition of the organisation. It helps organisation to set its own special identity, business
emphasis and path for development. Mission amplifies what brings the organization to this
business or why it is there, what existence it seeks and what purpose it seeks to achieve as a
business organisation.
In other words, the mission serves as a justification for the firm's very presence and existence; it
legitimizes the firm's presence.
5. (a) Impact of IT Systems on Business Process Reengineering are identified as:
 Compression of time
 Overcoming restrictions of geography and/or distance
 Restructuring of relationships
IT initiatives, thus, provide business values in three distinct areas:

 Efficiency – by way of increased productivity
 Effectiveness – by way of better management
 Innovation – by way of improved products and services
(b) Cost leadership emphasizes producing standardized products at a very low per -unit cost for
consumers who are price-sensitive. Differentiation is a strategy aimed at producing products and
services considered unique industry wide and directed at consumers who are relatively price-
insensitive.
A primary reason for pursuing forward, backward, and horizontal integration strategies is to gain
cost leadership benefits. But cost leadership generally must be pursued in conjunction with
differentiation. Different strategies offer different degrees of differentiation. A differentiation
strategy should be pursued only after a careful study of buyers’ needs and preferences to
determine the feasibility of incorporating one or more differentiating features into a unique
product. A successful differentiation strategy allows a firm to charge a higher price for its product
and to gain customer loyalty.
6. (a) Experience curve is similar to learning curve which explains the efficiency gained by workers
through repetitive productive work. Experience curve is based on the commonly observed
phenomenon that unit costs decline as a firm accumulates experience in terms o f a cumulative
volume of production. It is represented diagrammatically as follows:
The implication is that larger firms in an industry would tend to have lower unit costs as
compared to those of smaller organizations, thereby gaining a competitive cost advantage.
Experience curve results from a variety of factors such as learning effects, economies of scale,
product redesign and technological improvements in production.
The concept of experience curve is relevant for a number of areas in strategic management. For
instance, experience curve is considered a barrier for new firms contemplating entry in an
industry. It is also used to build market share and discourage competition.
(b) Corporate culture distinguishes one organisation from another. It refers to a company’s values,
beliefs, business principles, traditions, and ways of operating and internal work environment.
Every corporation has a culture that exerts powerful influences on the behaviour of managers.
Culture affects not only the way managers behave within an organization but also the decisions
they make about the organization’s relationships with its environment and its strategy.
A culture grounded in values, practices, and behavioural norms that match what is needed for
good strategy execution helps energize people throughout the company to do their jobs in a
strategy-supportive manner, adding significantly to the power and effectiveness of strategy
execution

Culture is both a strength and a weakness as follows:
Culture as a strength: As a strength, culture can facilitate communication, decision-making &
control and create cooperation & commitment. An organization’s culture could be strong and
cohesive when it conducts its business according to a clear and explicit set of principles and
values, which the management devotes considerable time to communicating to employees and
which values are shared widely across the organization.
Culture as a weakness: As a weakness, culture may obstruct the smooth implementation of
strategy by creating resistance to change. An organization’s culture could be characterized as
weak when many subcultures exist, few values and behavioral norms are shared and traditions
are rare. In such organizations, employees do not have a sense of commitment and loyalty with
the organisation.

Test Series: April 2021
MOCK TEST PAPER-II
SECTION – A: Enterprise Information Systems
Part I: Multiple Choice Questions
Question Nos. 1 to 5 carries 2 marks each and are based on the Case scenario given below.
GoCart is one amongst the popular e-commerce shopping portals delivering the products in India and SAARC
nations with its head office in New Delhi. It recently entered into a Service Level Agreement (SLA) with
Google, wherein Google would provide the necessary application framework, testing tools to GoCart to
develop and deploy its application online. On successful deployment of its application and in order to get a
competitive advantage over other e-Commerce providers, GoCart launched a multi-saver sale wherein huge
discount on the best brands are available, complimentary gifts for purchases above a certain amount and
express free delivery are also provided. All the revenue generated through the multi saver sale will be routed
through a separate current account maintained with CSC Bank, from where GoCart has already taken a loan.
With the increase in the cybercrimes and misuse of customer data, GoCart has implemented stringent
controls to prevent any unauthorized access to data and has opened up new job roles exclusively with
objective of ensuring security at network and operating system levels. GoCart has also implemented certain
controls to avoid the risk that prevent it from losses due to failure of internal processes, any criminal activity
by an employee and product/service failure. Further to comply with the regulatory requirements, GoCart
books of accounts are well maintained and subjected to annual statutory audit and the business reporting is
done through XBRL.
1. GoCart has implemented certain controls to avoid the risk for prevention of losses due to failure of
internal processes, any criminal activity by an employee and product/service failure. Which among the
following risk would GoCart be subjected to in this case?
(a) Strategic Risk
(b) Operational Risk
(c) Financial Risk
(d) Residual Risk
2. For GoCart, the business reporting is done using XBRL. Identify the feature of XBRL which stops poor
quality information being sent to a regulator, when the draft report is being run by one of its staff who
had prepared the same?
(a) Clear Definition
(b) Multilingual support
(c) Strong Software Support
(d) Testable Business Rules
1
3. With the objective of maintaining utmost security, GoCart recruited Mr. Y to examine logs from firewalls,
intrusion detection system and to issue security advisories to other members in IT depar tment. Which
of the following job roles best fits into job profile of Mr. Y?
(a) Operations Manager
(b) Network Architect
(c) Security Analyst
(d) Database Administrator
4. With the recently entered Service Level Agreement (SLA) with Google, GoCart successfully develope d
and deployed its new application. Identify the type of cloud service utilized by GoCart in the application
which is developed online?
(a) Infrastructure as a Service
(b) Platform as a Service
(c) Software as a Service
(d) Network as a Service
5. In addition to routing the revenue in accounts maintained with CSC Bank, GoCart also has taken various
loans and advances from CSC Bank. If CSC Bank faces the information security risk of non -
establishment of user accountability for the accounts created for GoCart, which control would be best
suggested for this?
(a) The identity of users is authenticated to system through password.
(b) System validations have been implemented to restrict set up of duplicate customer master records.
(c) All users are required to have a unique user id.
(d) Access for changes made to the configuration, parameter settings is restricted to authorized user.
Question Nos. 6 to 10 are independent questions of 1 mark each.
6. NMN Ltd. has its five branches in different cities of India. All branches are interconnected and use
centralized mechanism for data sharing and storage. To have a secure communication between its
various branches, the company has installed anti-virus software and intrusion prevention system. The
installation of these systems is covered under which type of control?
(a) Detective Control
(b) Preventive Control
(c) Community Control
(d) Application Control
7. Which of the following term related to Risk refers to an action, device, procedure, technique or other
measure that reduces the vulnerability of a component or system in an organization.
(a) Residual Risk
(b) Risk Management
(c) Threat
(d) Counter Measure
2
8. XYZ Ltd. provides Data Processing services to its clients. It has received a big contract from DEF
Insurance Company for its data processing. With limited PCs at its office, XYZ Ltd. approached Amazon
Web Services to hire and access Virtual Machines for data processing on pay-as per usage concept.
Which Cloud Computing Service Model is being used by XYZ Ltd.?
(a) Software as a Service (SaaS)
(b) Platform as a Service (PaaS)
(c) Infrastructure as a Service (IaaS)
(d) Network as a Service (NaaS)
9. M/s SS and Sons, a renowned chartered accountancy firm has many branch offices all over Madhya
Pradesh. The management thought that as IT operations and the maintenance of hardware and software
are not their core area, they decided to host its application on internet and outsource the IT functions.
Through this initiative, firm provides online services to its clients regarding registration, trademark, and
taxation through an online assistant. This is an example of which type of application.
(a) Cloud based Application
(b) Built-in Application
(c) Installed Application
(d) Customer Application
10. VV designers, the manufacturers of bath accessories allow their customer to pay in cash only. Now, with
the demand of cashless economy the company decided to allow its customers to pay either through
cash or through credit/debit cards. The company uses the key control that transaction cannot be made
if the aggregate limit of outstanding amount exceeds the credit limit assigned to customer. Identify the
risk related to credit card processing for which this key control is applied.
(a) Credit Line setup is unauthorized and not in line with the bank’s policy.
(b) Credit Line setup can be breached.
(c) Masters defined are not in accordance with the Pre-Disbursement Certificate.
(d) Inaccurate reconciliations performed.
Part II: Descriptive Questions
1. (a) Identify the Logical Access Violators who exploit logical exposures in an organization. Briefly
explain them. (3 Marks)
(b) Write a short note on “Automated Teller Machine (ATM) Channel Server”. (2 Marks)
2. (a) ABC Ltd., a soft drink manufacturing company was established in 2010. The company has
implemented some modules of ERP and was managing good business in initial seven years of its
establishment. After that, the customer’s feedback indicated a decline in the sale and therefore,
the targets could not be achieved. On analyzing the customers’ feedback, the management decided
to incorporate CRM Module of ERP System to improvise its relationship with existing customers,
find new prospective customers and win back former customers. The company implemented CRM
module and found acceleration in the growth of its sale for past four years. Discuss various key
benefits of CRM module that the company may have availed after implementing CRM? (6 Marks)
(b) Grid computing is a distributed architecture of large numbers of computers connected to solve a
complex problem. With reference to this line, identify the application areas where this technology
can be used effectively and efficiently. (4 Marks)
3
3. (a) As an internal auditor of an organization, Mr. Anil reviews various physical security controls
implemented within his organization. Discuss various activities that he would perform while doing
auditing these physical access controls? (6 Marks)
(b) Describe the Section 63 in prevention of Money Laundering that specifies the punishment for false
implementation or failure to give information, etc. (4 Marks)
4. (a) Suppose you are an IT consultant of ABC enterprises. What general controls would you apply to
all components of system, processes and data for ABC enterprises to ensure the security of
information system and application program. (6 Marks)
(b) Mr. Rajesh joined as an assistant to Chief Manager of loan department in KK Financials. His job
profile demands to provide an MIS report on every weekend to Chief Manager about the various
details regarding customers’ service calls. Discuss the various criteria that information in his report
should meet, so that it should be useful to the chief manager. (4 Marks)
5. (a) Cloud computing is one of the emerging technologies used in several organizations, yet it has
many pertinent issues. Discuss the major pertinent issues related to cloud computing. (6 Marks)
(b) Determine all the sub processes that are included under an Order to Cash Process. (4 Marks)
4
1. (A) Amrutha, a third year computer science student living in Tamilnadu, realised that during covid-19
pandemic her mother was not able to buy the basic products that she used in her worship
routine. As a result, many small vendors also went out of business during the lockdown. She
started studying more about the market and observed that the way the business was conducted
had many gaps and loopholes. She dedicated herself to develop a small market place where
consumers like her mother and small vendors could meet and trade, and called it Saamagree.
Her interaction with small vendors was a success factor, where she was able to convince them to
bring their business online and give them volume in sales. Vendors were hesitant early on, but
followed suit when they saw the benefits coming in. Amrutha, being a student was happy with the
growth and wanted to focus on studies more and let the business operate as usual.
To her surprise, her father's company which was a big FMCG brand took over her business
within a year itself, and designated Ms. Srividya Rajanan, to lead the division with Amrutha.
Amrutha, knew her customers and vendors very closely and Ms. Rajanan was an expansion
expert. So their division was developed as a simple structure within the organisation as an
experiment.
Ms. Rajanan’s marketing team expanded swiftly to rope in vendors from areas far and beyond
backed by their in-house distribution channels. However, the initial vendors and customers felt
betrayed as their trust rested in Amrutha and her personalised touch to the business. It took the
team months to build an identity that matched the sincerity of a one woman led brand.
The market segment has been a very niche one for the FMCG brand however the results have
been satisfying. The plan is to go Pan-India in the coming years with Amrutha leading from the
front and Ms. Rajanan exiting the division. New markets, new ways of business are inevitable
and bring a freshness to business is what Saamagree has proven.
Based on the above Case Scenario, answer the Multiple Choice Questions.
1. Which of the following characteristics has been one of the biggest strengths of Saamagree’s
management?
(a) Induce and direct events
(b) Induce and direct people
(c) Influence process to make things happen
(d) Gain command over the phenomena (1 Mark)
2. The leadership team decided to keep the organisation structure straight and simple based on
the intricacies of?
(a) Goals and objectives
(b) Vision statement
(c) Business definition
(d) Business model (1 Mark)
5
3. Before Ms. Srividya Rajanan joined the company, Amrutha’s intent was inclined towards which
of the following strategies?
(a) Combination strategy
(b) Retrenchment strategy
(c) Expansion strategy
(d) Stability strategy (1 Mark)
4. The marketing team of Saamagree could not gauge a very crucial aspect of markets that led to
a temporary dent in its brand positioning. Which of the following is being mentioned in the above
scenario?
(a) Switching costs of products
(b) Distribution channel accessibility
(c) Retaliation from the market
(d) Political influence in the industry (1 Mark)
5. The very ideation of the business was based on bringing about a change in existing ways of
business. What can be said about the basis of building Saamagree?
(a) Market penetration
(b) Business process reengineering
(c) Product differentiation
(d) Best cost provider strategy (1 Mark)
(B) A beverage company has more than 500 soft drink brands, but none of them is anywhere close
to its premium brand One Sip in awareness, revenue and profits. As per BCG's Matrix, One Sip
brand for the beverage company is?
(a) Star
(b) Dog
(c) Cash cow
(d) Question mark (2 Marks)
(C) Davis and Lawrence have proposed three distinct phases for development of matrix structure.
These phases are (1) Cross-functional task forces (2) Product/brand management and (3)
______.
(a) Market/external management
(b) Functional matrix
(c) Mature matrix
(d) Internal management (2 Marks)
(D) A famous restaurant enjoys full occupancy during the lunch and dinner time for last few months.
In fact, many customers go back as they have to wait for their turn. Between 15:00 hours to
18:00 hours, the occupancy rate is near to nil. To raise the footfalls of customers during this lean
time, the owner offers a discount of 20% on total bill if a customer comes in these 3 hours. Whic h
type of marketing strategy does the restaurant follow to attract the customers in the lean period?
(a) Differential Marketing
(b) Synchro-marketing
6
(c) Place Marketing
(d) Concentrated Marketing (2 Marks)
(E) What is the first step in the comprehensive strategic-management model?
(a) Developing vision and mission statements
(b) Performing external audits
(c) Measuring and evaluating performance
(d) Establishing long-term objectives (1 Mark)
(F) Which strategy is implemented after the failure of turnaround strategy?
(a) Expansion strategy
(b) Diversification strategy
(c) Divestment strategy
(d) Growth strategy (1 Mark)
(G) A firm successfully implementing a differentiation strategy would expect:
(a) Customers to be sensitive to price increases.
(b) To charge premium prices.
(c) Customers to perceive the product as standard.
(d) To automatically have high levels of power over suppliers. (1 Mark)
(H) Which one is NOT a type of strategic control?
(a) Operational control
(b) Strategic surveillance
(c) Special alert control
(d) Premise control (1 Mark)
2. Kamal Sweets Corner, a very popular sweets shop in Ranchi, was facing tough competition from
branded stores of packaged sweets and imported goods. The owners realised that their busi ness
reduced by 50% in the last six months, and this created a stressful business environment for them. To
find a solution, they consulted a business consultant to help them develop a strategy to fight
competition and sustain their century old family business. The business consultant advised them to
innovate a new snack for the public and market it as a traditional snack of the region. The owners
liked the idea and developed a new snack called Dahi Samosa, which very quickly became popular
amongst the public and it helped regain the lost business of Kamal Sweets Corner.
One of the very crucial importance of strategic management was used by the business consultant to
help the owners of Kamal Sweets Corner. Which one could it be? Also, was this strategy Reactive or
Proactive? According to you who are more beneficial in general parlance? (5 Marks)
3. (a) The presence of strategic management cannot counter all hindrances and always achieve
success for an organisation. What are the limitations attached to strategic management?
(5 Marks)
(b) What is a strategic group? Discuss the procedure for constructing a strategic group map.
(5 Marks)
7
4. (a) Mission statement of a company focuses on the question: ‘who we are’ and ‘what we do’. Explain
briefly. (5 Marks)
(b) Differentiate between Divestment and Liquidation strategy. (5 Marks)
5. (a) Domolo is a premium cycles and cycling equipments brand which targets high spending
customer with a liking for quality and brand name. Their cycles range from rupees fifteen
thousand to rupees one lac. The recent trend of fitness through cycling has created humongous
demand for cycles and peripherals like helmets, lights, braking systems, fitness applications, etc.
The customer base has grown 150% in the last three months. Mr. Vijay, who is an investor wants
to tap in this industry and bring about cheaper options to people who cannot spend so much.
Which business level strategy would best suit for Mr. Vijay’s idea and what are the major sub-
strategies that can be implemented to capture maximum market? (5 Marks)
(b) State the factors of human resource that have influence on employee’s competence. (5 Marks)
6. (a) Suresh Sinha has been recently appointed as the head of a strategic business unit of a large
multiproduct company. Advise Mr Sinha about the leadership role to be played by him in
execution of strategy. (5 Marks)
(b) Explain the various steps in Benchmarking process. (5 Marks)
8
Test Series: April, 2021
MOCK TEST PAPER - II
ANSWERS
MULTIPLE CHOICE QUESTIONS
1. (b) Operational Risk
2. (d) Testable Business Rules
3. (c) Security Analyst
4. (b) Platform as a Service
5. (c) All users are required to have a unique user id.
6. (b) Preventive Control
7. (d) Counter Measure
8. (c) Infrastructure as a Service (IaaS)
9. (a) Cloud based Application
10. (b) Credit Line setup can be breached.
Descriptive Questions
1. (a) Logical Access Violators are the persons who exploit logical exposures in an organization.
They are mainly as follows:
 Hackers: Hackers try their best to overcome restrictions to prove their ability. Ethical
hackers most likely never try to misuse the computer intentionally but assists in finding the
weaknesses in the system;
 Employees (authorized or unauthorized);
 IS Personnel: They have easiest to access to computerized information since they come
across to information during discharging their duties. Segregation of duties and supervision
help to reduce the logical access violations;
 Former Employees: should be cautious of former employees who have left the organization
on unfavorable terms;
 End Users; Interested or Educated Outsiders; Competitors; Foreigners; Organized
Criminals; Crackers; Part-time and Temporary Personnel; Vendors and consultants; and
Accidental Ignorant – Violation done unknowingly.
(b) Automated Teller Machines (ATM) Channel Server: This server contains the details of ATM
account holders. Soon after the facility of using the ATM is created by the Bank, the details of
such customers are loaded on to the ATM server. When the Central Database is busy with
central end-of- day activities or for any other reason, the file containing the account balance of
the customer is sent to the ATM switch. Such a file is called Positive Balance File (PBF). This
ensures not only continuity of ATM operations but also ensures that the Central database is
always up-to-date. The above process is applicable to stand alone ATMs at the Branch level. As
most of the ATMs are attached to the central network, the only control is through ATM Switch.
1
2. (a) The key benefits of CRM module that the company may have availed are as follows:
 Improved customer relations: One of the prime benefits of using a CRM is obtaining
better customer satisfaction. By using this strategy, all dealings involving servicing,
marketing, and selling out products to the customers can be carried out in an organized and
systematic way. Better services can be provided to customers through improved
understanding of their issues and this in turn helps in increasing customer loyalty and
decreasing customer agitation. In this way, continuous feedback from the customers
regarding the products and services can be received. It is also possible that the customers
may recommend the product to their acquaintances, when efficient and satisfactory services
are provided.
 Increase customer revenues: By using a CRM strategy for any business, the revenue of
the company can be increased. Using the data collected, marketing campaigns can be
popularized in a more effective way. With the help of CRM software, it can be ensured that
the product promotions reach a different and brand new set of customers, and not the ones
who had already purchased the product, and thus effectively increase the customer
revenue.
 Maximize up-selling and cross-selling: A CRM system allows up-selling which is the
practice of giving customers premium products that fall in the same category of their
purchase. The strategy also facilitates cross selling which is the practice of offering
complementary products to customers, based on their previous purchases. This is done by
interacting with the customers and getting an idea about their wants, needs, and patterns of
purchase. The details thus obtained will be stored in a central database, which is accessible
to all company executives. So, when an opportunity is spotted, the executives can promote
their products to the customers, thus maximizing up-selling and cross selling.
 Better internal communication: Following a CRM strategy helps in building up better
communication within the company. The sharing of customer data between different
departments will enable them to work as a team. This is better than functioning as an
isolated entity, as it will help in increasing the company’s profitability and enabling better
service to customers.
 Optimize marketing: CRM enables to understand the customer needs and behavior in a
better way, thereby allowing any enterprise to identify the correct time to market its product
to the customers. CRM will also give an idea about the most profitable customer groups,
and by using this information, similar prospective groups, at the right time will be targeted.
In this way, marketing resources can be optimized efficiently and time is not wasted on less
profitable customer groups.
(b) The application areas where Grid Computing can be used effectively and efficiently are as
follows:
 Civil engineers collaborate to design, execute, & analyze shake table experiments.
 An insurance company mines data from partner hospitals for fraud detection.
 An application service provider offloads excess load to a compute cycle provider.
 An enterprise configures internal & external resources to support e-Business workload.
 Large-scale science and engineering are done through the interaction of people,
heterogeneous computing resources, information systems and instruments, all of which are
geographically and organizationally dispersed.
3. (a) The activities that Mr. Anil would be performing while doing auditing of physical access controls
are as follows:
2
(i) Sitting and Marking: Auditing building sitting and marking requires attention to several key
factors and features, including:
o Proximity to hazards: The IS auditor should estimate the building’s distance to
natural and manmade hazards, such as Dams; Rivers, lakes, and canals; Natural gas
and petroleum pipelines; Water mains and pipelines; Earthquake faults; Areas prone to
landslides; Volcanoes; Severe weather such as hurricanes, cyclones, and tornadoes;
Flood zones; Military bases; Airports; Railroads and Freeways. The IS auditor should
determine if any risk assessment regarding hazards has been performed and if any
compensating controls that were recommended have been carried out.
o Marking: The IS auditor should inspect the building and surrounding area to see if
building(s) containing information processing equipment identify the organization.
Marking may be visible on the building itself, but also on signs or parking stickers on
vehicles.
(ii) Physical barriers: This includes fencing, walls, barbed/razor wire, bollards, and crash
gates. The IS auditor needs to understand how these are used to control access to the
facility and determine their effectiveness.
(iii) Surveillance: The IS auditor needs to understand how video and human surveillance are
used to control and monitor access. He or she needs to understand how (and if) video is
recorded and reviewed, and if it is effective in preventing or detecting incidents.
(iv) Guards and dogs: The IS auditor need to understand the use and effectiveness of security
guards and guard dogs. Processes, policies, procedures, and records should be examined
to understand required activities and how they are carried out.
(v) Key-Card systems: The IS auditor needs to understand how key-card systems are used to
control access to the facility. Some points to consider include: Work zones: Whether the
facility is divided into security zones and which persons are permitted to access which
zones whether key-card systems record personnel movement; What processes and
procedures are used to issue keycards to employees? etc.
(b) [Section 63] Punishment for false information or failure to give information, etc.
(1) Any person willfully and maliciously giving false information and so causing an arrest or a
search to be made under this Act shall on conviction be liable for imprisonment for a term
which may extend to two years or with fine which may extend to fifty thousand rupees or
both.
(2) If any person -
(a) being legally bound to state the truth of any matter relating to an offence under section
3, refuses to answer any question put to him by an authority in the exercise of its
powers under this Act; or
(b) refuses to sign any statement made by him in the course of any proceedings under this
Act, which an authority may legally require to sign; or
(c) to whom a summon is issued under section 50 either to attend to give evidence or
produce books of account or other documents at a certain place and time, omits to
attend or produce books of account or documents at the place or time, he shall pay, by
way of penalty, a sum which shall not be less than five hundred rupees but which may
extend to ten thousand rupees for each such default or failure.
(3) No order under this section shall be passed by an authority referred to in sub-section (2)
unless the person on whom the penalty is proposed to be imposed is given an opportunity of
being heard in the matter by such authority.
3
(4) Notwithstanding anything contained in clause (c) of sub-section (2), a person who
intentionally disobeys any direction issued under section 50 shall also be liable to be
proceeded against under section 174 of the Indian Penal Code (45 of 186 0).
4. (a) General Controls that can be applied to all components of system are as follows:
• Information Security Policy: The security policy is approved by the senior management
and encompasses all areas of operations of bank and drives access to information across
the enterprise and other stakeholders.
• Administration, Access, and Authentication: IT should be administered with appropriate
policies and procedures clearly defining the levels of access to information and
authentication of users.
• Separation of key IT functions: Secure deployment of IT requires the bank to have
separate IT organization structure with key demarcation of duties for different personnel
within IT department and to ensure that there are no Segregation of Duties (SoD) conflicts.
• Management of Systems Acquisition and Implementation: Software solutions for CBS
are most developed acquired and implemented. Hence, process of acquisition and
implementation of systems should be properly controlled.
• Change Management: IT solutions deployed and its various components must be changed
in tune with changing needs as per changes in technology environment, business
processes, regulatory and compliance requirements. These changes impact the live
environment of banking services. Hence, change management process should be
implemented to ensure smooth transition to new environments covering all key changes
including hardware, software and business processes. All changes must be properly
approved by the management, before implementation.
• Backup, Recovery and Business Continuity: Heavy dependence on IT and criticality
makes it imperative that resilience of banking operations should be ensured by having
appropriate business continuity including backup, recovery and off-site data center.
• Proper Development and Implementation of Application Software: Application software
drives the business processes of the banks. These solutions in case developed and
implemented must be properly controlled by using standard software development process.
• Confidentiality, Integrity and Availability of Software and data files: Security is
implemented to ensure Confidentiality, Integrity and Availability of information.
Confidentiality refers to protection of critical information. Integrity refers to ensuring
authenticity of information at all stages of processing. Availability refers to ensuring
availability of information to users when required.
• Incident response and management: There may be various incidents created due to
failure of IT. These incidents need to be appropriately responded and managed as per pre -
defined policies and procedures.
• Monitoring of Applications and supporting Servers: The Servers and applications
running on them are monitored to ensure that servers, network connections and application
software along with the interfaces are working continuously.
• Value Add areas of Service Level Agreements (SLA): SLA with vendors is regularly
reviewed to ensure that the services are delivered as per specified performance
parameters.
• User training and qualification of Operations personnel: The personnel deployed have
required competencies and skill-sets to operate and monitor the IT environment.
4
(b) The various criteria that information in Mr. Rajesh’s report should meet so that it should be useful
to his credit chief manager are as follows:
 Relevant - MIS reports need to be specific to the business area they address. This is
important because a report that includes unnecessary information might be ignored.
 Timely - Managers need to know what’s happening now or in the recent past to make
decisions about the future. Be careful not to include information that is old. An example of
timely information for your report might be customer phone calls and emails going back 12
months from the current date.
 Accurate - It’s critical that numbers add up and that dates and times are correct. Managers
and others who rely on MIS reports can’t make sound decisions with information that is
wrong. Financial information is often required to be accurate to the dollar. In other cases, it
may be OK to round off numbers.
 Structured - Information in an MIS report can be complicated. Making that information easy
to follow helps management understand what the report is saying. Try to break long
passages of information into more readable blocks or chunks and give these chunks
meaningful headings.
5. (a) The pertinent issues related to Cloud Computing are as follows:
 Threshold Policy: The main objective of implementing threshold policy is to inform cloud
computing service consumers and providers what they should do. Quite often, this policy
does not exist. The only legal document between the customer and service provider is the
Service Level Agreement (SLA). This document contains all the agreements between the
customer and the service provider; it contains what the service provider is doing and is
willing to do. However, there is no standard format for the SLA, and as such, there may be
services not documented in the SLA that the customer may be requiring in future. A
carefully drafted threshold policy outlines what cloud computing service consumers and
providers should do. It is important to consider how the cloud service provider will handle
sudden increases or decreases in demand. How will unused resources be allocated?
 Interoperability: If a company enters into a contract with one cloud computing vendor, it
may find it difficult to change to another computing vendor that has proprietary APIs
(application programming interfaces) and different formats for importing and exporting data.
Industry cloud computing standards do not exist for APIs or formats for importing/exporting
data. This creates problems of achieving interoperability of applications between two cloud
computing vendors. Once a company is locked in with one cloud provider, it is not easy to
move an entire infrastructure to other clouds. Moreover, each cloud provider offers a unique
set of services and tools for operating and controlling its cloud. Learning a new cloud
environment is similar to learning a new technology.
 Hidden Costs: Such costs may include higher network charges for storage and database
applications, or latency issues for users who may be located far from cloud service
providers.
 Unexpected Behaviour: An application may perform well at the company’s internal data
centre. It does not necessarily imply that the application will perform the same way in the
cloud. Therefore, it is essential to test its performance in the cloud for unexpected behavior.
Testing may include checking how the application allocates resources on sudden increase
in demand for resources and how it allocates unused resources. This problem must be
solved before obtaining services from the cloud.
 Security Issues: Cloud computing infrastructures use new technologies and services, most
which have not been fully evaluated with respect to security. The important security issues
5
with cloud computing are: the management of the data might not be fully trustworthy; the
risk of malicious insider attacks in the cloud; and the failing of cloud services. Ma intaining
confidentiality is one the major issues faced in cloud systems because information is stored
at a remote location which can be accessed by the service provider. Data confidentiality can
be preserved by encrypting data. Cloud systems share computational resources, storage,
and services between multiple customer applications in order to achieve efficient utilization
of resources while decreasing cost. However, this sharing of resources may violate the
confidentiality users’ IT Assets. It must be ensured that there a degree of isolation between
these users. In most cases, the provider must ensure that their infrastructure is secure and
that their consumers’ data and applications are protected while the customer must ensure
that the provider has taken the proper security measures to protect their information.
 Legal Issues: Cloud systems need to adhere to several regulatory requirements, privacy
laws and data security laws. These laws vary from country to country and cloud users have
no control over where their data is physically located.
 Software Development in Cloud: From the perspective of the application development,
developers face the complexity of building secure applications that may be hosted in the
cloud. The speed at which applications will change in the cloud will affect both the System
Development Life Cycle (SDLC) and security. The project manager must keep in mind the
applications should be upgraded frequently. For this, the project manager must ensure that
their application development processes are flexible enough to keep up with the changes.
 Bugs in Large-Scale Distributed Systems: One of the difficult challenges in Cloud
Computing is removing errors in these very large scale distributed systems.
(b) The different sub processes involved in the process Order to Cash Cycle are as follows:
(i) Sales and Marketing (SM)
 Advertises and markets the company’s products and books sales orders from
customers.
(ii) Order Fulfilment
 Receives orders from SM.
 Checks inventory to establish availability of the product. If the product is available in
stock, transportation is arranged and the product is sent to the customer.
(iii) Manufacturing
 If the product is not available in stock, this information is sent to the manufacturing
department so that the product is manufactured and subsequently sent to the
customer.
(iv) Receivables
 The invoice is created, sent to the customer, payment received and the invoice closed.
 Under each sub process, there could be many activities. For example:
o Main Process - Order Fulfilment
o Sub Process –Receive Orders
o Other Activities –Check correctness and validity of information in order, enter
order in computer system, check credit worthiness of customer, check credit limit,
obtain approval for any discrepancy etc.
6
1. (A)
(1) (2) (3) (4) (5)
(b) (c) (d) (c) (b)
(B) (c)
(C) (c)
(D) (b)
(E) (a)
(F) (c)
(G) (b)
(H) (a)
2. The strategy used here was of developing a competitive advantage via product which helped Kamal
Sweets Corner regain their lost business. This is also one of the major importance cum advantage of
strategic management, that is helps to develop core competencies and competitive advantages to
overcome competition.
This strategy was a Reactive strategy. Wherein, the owners saw their business fall to 50% of revenue
and then seeking a strategic advisory. They did not plan proactively as to when the new shops were
already opening. They reacted only when the business started to lose up.
Generally, it is always beneficial to develop strategies proactively, so that the dip in businesses is
small and manageable, and even if they are huge, the management has ample time to fix it.
3. (a) The presence of strategic management cannot counter all hindrances and always achieve
success as there are limitations attached to strategic management. These can be explained in
the following lines:
 Environment is highly complex and turbulent. It is difficult to understand the complex
environment and exactly pinpoint how it will shape-up in future. The organisational estimate
about its future shape may awfully go wrong and jeopardise all strategic plans. The
environment affects as the organisation has to deal with suppliers, customers, governments
and other external factors.
 Strategic Management is a time-consuming process. Organisations spend a lot of time
in preparing, communicating the strategies that may impede daily operations and negatively
impact the routine business.
 Strategic Management is a costly process. Strategic management adds a lot of expenses
to an organization. Expert strategic planners need to be engaged, efforts are made for
analysis of external and internal environments devise strategies and properly implement.
These can be really costly for organisations with limited resources particularly when small
and medium organisations create strategies to compete.
In a competitive scenario, where all organisations are trying to move strategically, it is difficult to
clearly estimate the competitive responses to the strategies.
7
(b) A strategic group consists of those rival firms which have similar competitive approaches and
positions in the market. Companies in the same strategic group can resemble one another in any
of the several ways – have comparable product-line breadth, same price/quality range, same
distribution channels, same product attributes, identical technological approaches, offer similar
services and technical assistance and so on.
The procedure for constructing a strategic group map and deciding which firms belong in which
strategic group is as follows:
 Identify the competitive characteristics that differentiate firms in the industry typical
variables are price/quality range (high, medium, low); geographic coverage (local, regiona l,
national, global); degree of vertical integration (none, partial, full); product -line breadth
(wide, narrow); use of distribution channels (one, some, all); and degree of service offered
(no-frills, limited, full).
 Plot the firms on a two-variable map using pairs of these differentiating characteristics.
 Assign firms that fall in about the same strategy space to the same strategic group.
 Draw circles around each strategic group making the circles proportional to the size of the
group’s respective share of total industry sales revenues.
4. (a) A company’s mission statement is typically focused on its present business scope — “who we are
and what we do”; mission statements broadly describe an organizations present capabilities,
customer focus activities and business makeup. An organisation’s mission states what customers
it serves, what need it satisfies, and what type of product it offers. It is an expression of the
growth ambition of the organisation. It helps organisation to set its own special identity, business
emphasis and path for development. Mission amplifies what brings the organisation to this
business or why it is there, what existence it seeks and what purpose it seeks to achieve as a
business organisation.
In other words, the mission serves as a justification for the firm's very presence and existence; it
legitimizes the firm's presence.
(b) Following are the differences between Divestment and Liquidation strategy:
Divestment Strategy Liquidation Strategy
Divestment strategy involves the sale or It involves closing down a firm and selling its
liquidation of a portion of business, or a major assets.
division, profit center or SBU.
Divestment is usually a part of rehabilitation Liquidation becomes only option in case of
or restructuring plan and is adopted when a severe and critical conditions where either
turnaround has been attempted but has turnaround or divestment are not seen as
proved to be unsuccessful. Option of a solution or have been attempted but failed.
turnaround may even be ignored if it is
obvious that divestment is the only answer.
Efforts are made for the survival of Liquidation as a form of retrenchment
organization. strategy is considered as the most extreme
and unattractive.
Survival of organization helps in retaining There is loss of employment with stigma of
personnel, at least to some extent. failure.
5. (a) The Best Cost Provider strategy would ensure a better reach to the not so affluent customers and
provide them with good quality cycles and equipments, thus tapping in on the increasing trend of
cycling.
Two sub-strategies that can be implemented are:
8
1. Offering lower prices than rivals for the same quality of products
2. Charging same prices for better quality of products
The idea of Mr. Vijay is to provide almost same quality of products in terms of functionality if not
so in terms of branding, to customer who do not have huge sums of money to pay. Thus, sub -
strategy number one, offering lower prices for almost same quality should be impl emented to
become the best cost provider of cycles and related equipments in the market.
(b) Human resource management has been accepted as a strategic partner in the formulation of
organization’s strategies and in the implementation of such strategies through human resource
planning, employment, training, appraisal and reward systems. The following points should be
kept in mind as they can have a strong influence on employee competence:
i. Recruitment and selection: The workforce will be more competent if a firm can
successfully identify, attract, and select highly competent applicants.
ii. Training: The workforce will be more competent if employees are well trained to perform
their jobs properly.
iii. Appraisal of performance: The performance appraisal is to identify any performance
deficiencies experienced by employees due to lack of competence. Such deficiencies, once
identified, can often be solved through counselling, coaching or training.
iv. Compensation: A firm can usually increase the competency of its workforce by offering
pay, benefits and rewards that are not only attractive than those of their competitors but
also recognizes merit.
6. (a) Leading change has to start with diagnosing the situation and then deciding which of several
ways to handle it. Managers have five leadership roles to play in pushing for good strategy
execution:
(i) Staying on top of what is happening, closely monitoring progress, solving out issues, and
learning what obstacles lie in the path of good execution.
(ii) Promoting a culture of esprit de corps that mobilizes and energizes organizational members
to execute strategy in a competent fashion and perform at a high level.
(iii) Keeping the organization responsive to changing conditions, alert for new opportunities,
bubbling with innovative ideas, and ahead of rivals in developing competitively valuable
competencies and capabilities.
(iv) Exercising ethical leadership and insisting that the company conduct its affairs like a model
corporate citizen.
(v) Pushing corrective actions to improve strategy execution and overall strategic performance.
(b) The various steps in Benchmarking Process are as under:
(i) Identifying the need for benchmarking: This step will define the objectives of the
benchmarking exercise. It will also involve selecting the type of benchmarking.
Organizations identify realistic opportunities for improvements.
(ii) Clearly understanding existing decisions processes: The step will involve compiling
information and data on performance.
(iii) Identify best processes: Within the selected framework best processes are identified.
These may be within the same organization or external to them.
(iv) Comparison of own process and performance with that of others: Benchmarking
process also involves comparison of performance of the organization with performance of
other organization. Any deviation between the two is analysed to make further
improvements.
9
(v) Prepare a report and implement the steps necessary to close the performance gap: A
report on benchmarking initiatives containing recommendations is prepared. Such a report
also contains the action plans for implementation.
(vi) Evaluation: Business organizations evaluate the results of the benchmarking process in
terms of improvements vis-à-vis objectives and other criteria set for the purpose. It also
periodically evaluates and reset the benchmarks in the light of changes in the conditions
that impact the performance.
10
Test Series: March, 2021
MOCK TEST PAPER - 1
SECTION – A: Enterprise Information Systems
Part I : Multiple Choice Questions
Question Nos. 1 to 5 carries 2 marks each.
M/s TAS & Sons is an automobile manufacturer of spare parts of four wheelers in India. The company has
four manufacturing units in various locations across the country. It also has two branch offices located in
Pune and Hyderabad to handle activities like orders, delivery, complaints and stock operations. The
company maintains its account with ABC Bank from where it also has taken various loans and advances.
Sometime ago, the company’s business processes like accounting, purchase, sales and inventory were
maintained in manual mode. The management of the company observed that the manual processing of
these activities hinder the overall working of the business related daily operations. This resulted in huge
gap in the flow of information, pending orders, delayed deliveries, and delayed decision making due to lack
of business reports and therefore overall non-performance. Thus, the management committee decides to
adopt the process of automation for its various business operations so that information flow would be timely
and consolidated within its branches and manufacturing units. To attain this objective, the service models of
Cloud Computing are proposed to be adopted so that the branches and manufacturing units are
interconnected with centralized mechanism of data sharing and storage. The proposed system with well-
implemented access controls will provide robust data security among its systems of branches and
manufacturing units. Not only the record keeping, but also data maintenance and reports generation would
become simpler after the implementation of proposed system. The management is also looking for better
prospects of adhering to the legal compliances of the country and also to initiate its business operations
through online mode.
Subsequently, the company hires a consultant Mr. Sumit to carry out the feasibility study of its proposed
system who prepares a feasibility report and submits to the management. Based on the go ahead report of
Mr. Sumit’s report, a project team is scheduled to be constituted who will work under him to execute the
project and ensure its delivery on time.
1. The Management committee of M/s TAS & Sons decides to automate its entire business processes
anticipating reaping better benefits for the company. Which of the following does not come under the
category of benefits of Automation?
(a) Consistency of automated processes
(b) Automating Redundant processes
(c) Reduction of turnaround time
(d) Better utilization of employees’ time

2. In purview of above case scenario, the management of M/s TAS & Sons decides to adopt the process
of automation for its various business processes so that information flow within its units and branches
would be timely and consolidated. The data is centralized and in case of loss of any set of data from
this location, whole business may come to stand still. Identify from the following control s that may be
useful to overcome the aforementioned risk.
(a) It can be controlled by removing redundant data.
(b) Back up arrangement needs to be strong.
(c) To allocate some funds in case of contingencies.
(d) Overhauling of organizational structure is required.
3. If the company hires XYZ Ltd. as its Cloud Computing service provider, which of the following model of
Cloud Computing would be useful for M/s TAS & Sons if XYZ Ltd. proposes to host company’s
application at its data center over the internet to make it accessible to the customers of M/s TAS &
Sons?
(a) Infrastructure as a Service
(b) Platform as a Service
(c) Software as a Service
(d) Database as a Service
4. In purview of the above case scenario, the company decides to install various internetwork processors
like routers and firewalls etc. for its business application through online mode in order to make its
whole network secure. Which type of control the company is planning to work on?
(a) Corrective Control
(b) Preventive Control
(c) Network Control
(d) Detective Control
5. M/s TAS & Sons maintains its account in ABC Bank which faces the application risk of incorrect
classification and provisioning of Non Performing Asset (NPA) resulting in financial mismanagement,
of company’s account. Which control would be best suggested to take care of this?
(a) Access for changes made to the configuration, parameter settings should be restricted to
authorized user.
(b) Unique Id should be created for each asset.
(c) The system parameters need to be set up as per business process rules of the bank.
(d) To ensure existence of configuration/customization in the application to perform NPA
classification as per relevant RBI guidelines.
Question No(s) 6 to 10 carries 1 mark each.
6. Except one, following are the means through which protection can be achieved in case an internet
connection exposes an organization to the harmful elements of the outside world . Identify it.
(a) Security of network services
(b) Call back devices

(c) Access Token
(d) Segregation of Networks
7 A company on the occasion of Diwali offers to provide an additional discount of 15% to its customers
on online bulk purchase of products worth Rs. 5,000 through its website. Which of the following
business model of e-commerce is being followed in this?
(a) Consumer to Business e-Commerce
(b) Business to Consumer e-Commerce
(c) Business to Business e-Commerce
(d) Consumer to Consumer e-Commerce
8. Money Laundering is commonly used by criminals to make dirty money appear legitimate. In this
context, which stage of Money Laundering involves the bank transfers between different accounts in
different names in different countries making deposit and withdrawals?
(a) Placement
(b) Layering
(c) Integration
(d) Financing
9. Which of the following statement is not correct for eXtensible Business Reporting Language (XBRL)?
(a) XBRL runs on XML technologies such as XML schema, and ensures that financial and non -
financial data is tagged to form a comparable reporting format.
(b) XBRL has the capability to allow the tagging of transactions that can themselves be aggregated
into XBRL reports.
(c) To publish performance information and allow straight through information processing are key
features of XBRL.
(d) XBRL is an open standard reporting language which is governed by XBRL, a non -profit
organization.
10. In the office of HNK Ltd., a master swipe access card is maintained at the front desk to enter into
executive’s cabin, in case of any emergency. In this case, the possibility of same may be misused by
an unauthorized employee to gain unauthorized access of the executive’s cabin would be categorized
as:
(a) Asset
(b) Vulnerability
(c) Accepted residual risk of exposure to potential risk of data theft
(d) Likelihood of compromise on CIA (Confidentiality, Integrity and Availability)
Part II: Descriptive Questions Total Marks: 35 Marks
Question No. 1 is Compulsory.
1. (a) Banking has played a vital and significant role in development of economy. In the light of this
statement, explain the key features of banking business. (3 Marks)
3

(b) Identify the disadvantages of Database Management System. (2 Marks)
2. (a) ERP system integrates all business components and updates the data between related business
functions. However, its implementation is a huge task that may require lot of time, money and
energy and its success majorly depend upon issues related to factors like people, process, and
technology. Briefly explain other implementation risks, if any, apart from the issues related to the
factors mentioned above. (6 Marks)
(b) With promotion of cashless economy, most of the businesses are using e-commerce and
m-commerce transactions. Enlist the commercial laws that are applicable to these transactions.
(4 Marks)
3. (a) ABC Ltd., a Delhi based financial consultant company has huge clientele having crucial data
about its clients. Therefore, the company has robust implementation of Logical Access Controls
to ensure that access to its systems, data and programs is restricted to authorized users to
safeguard information against unauthorized use. Describe all the technical exposure s against
which these Logical Access Controls provide security to the data and software of the company.
(6 Marks)
(b) XYZ Ltd. is the manufacturer of herbal medicines which is under the process of implementing
Enterprise Resource Planning (ERP) in its head office and various manufacturing units located
across the country. Explain the technological risks related to the implementation of ERP.
(4 Marks)
4. (a) During the pandemic Covid 19, the Government of India emphasized on the usage of various
digital mode of payments by the public at large. In light of this statement, explain various types of
cards that are provided to the account holders by the banks or companies to be used as digital
payment mode. (6 Marks)
(b) Though Business Process Automation (BPA) provides many benefits to companies which tend to
automate their business processes, however automation of the business processes is susceptible
to many challenges. Discuss these challenges. (4 Marks)
5. (a) Mr. Amar is the chief IT manager of a company who designed a new advisory for all employee s
mentioning the various cyber-crimes which may attract prosecution as per penalties and offences
prescribed in Information Technology Act, 2000. Describe the various cybercrimes that Mr. Amar
could have incorporated in his advisory. (6 Marks)
(b) DFK corporative bank of Uttar Pradesh decided to implement Core Banking System (CBS) to
facilitate integration of its entire business applications. Briefly explain how the deployment and
implementation of CBS can be controlled at various stages to ensure that objectives of DFK
corporative bank are achieved. (4 Marks)

1. (A) Rohansh Bakshi a 22-year-old from Maharashtra, started a gaming equipment company called
TEEMOX, which specialises in gaming chairs, gaming consoles, controllers, wireless keyboard,
and touchscreen mouse pads. Rohan has been an innovator and loves building products. Hence,
to prioritise his time more on development, he insisted Mr. N. Muniyappa, his mentor, to be the
CEO of the company and spearhead business from the front.
Rohansh has always believed in bringing something new to the consumer and that is clearly
projected in the products offered by TEEMOX. His designs reflect youth with exciting colors and
comfort, and they match the quality of global big brands. However, to make hi s products worth the
money that his customers are paying, the procurement is done from Indonesia and Vietnam, where
the materials are easily available at low costs.
Interestingly, Rohansh’s AI based gaming chairs have been a huge hit for the company, bringing
in the maximum revenue and margins. The business has gone from 200 units sold to over 5000
units sold in just six months. To add to it, a famous FMCG Brand approached TEEMOX to
collaborate for a sports drink focused on gamers. The team is excited about this collaboration as
the deal shall bring in more awareness and open newer markets for them. But Mr. Muniyappa
insists that this might as well displease the existing consumers who relate to TEEMOX as a
customer-oriented brand rather than yet another money minting business.
Nonetheless, the plans seem to be working in the company’s favour for now and the future seems
bright. To put in context, the gaming industry is booming with a Compound Annual Growth Rate
(CAGR) of 190%, adding over 20 million new customers every quarter. Clearly, o pportunities are
enormous, and the brand is on track. A well-established vision and mission for the company could
be a strong strategic advantage for challenging times to come.
Based on the above Case Scenario, answer the Multiple-Choice Questions which are as follows:
1. Based on the above case which of the following seems true above the Strategy of TEEMOX?
(a) Strategy was unified and comprehensive.
(b) Strategy was comprehensive and integrated.
(c) Strategy was integrated and unified.
(d) Strategy was integrated, unified and comprehensive. (1 Mark)
2. Gaming chair business of TEEMOX is a cash cow. Which of the following strategies helped
it become such an influential business?
(a) Organisation differentiation
(b) Product differentiation
(c) Focused differentiation
(d) Low-cost product provider (1 Mark)

3. By routing its products from Indonesian and Vietnam, TEEMOX was able to achieve which of
the following strategies on the holistic level of business?
(a) Product differentiation
(b) Horizontal integration of business
(c) Best cost provider in the industry
(d) Globalisation of business (1 Mark)
4. With the appointment of Mr. N. Muniyappa, Rohansh can be designated as which of the
following?
(a) Vice President
(b) CEO Emeritus
(c) Chairman
(d) Functional Head (1 Mark)
5. Which Ps of marketing have been the winning Ps for TEEMOX?
(a) Product and Place
(b) Promotion and Price
(c) Price and Product
(d) Promotion and Place (1 Mark)
(B) The Specialist Clothing Company (SCC) is a manufacturer of a wide range of clothing. Fashion is
one of the five divisions of SCC. Fashion is operating in a market with high growth and is a market
leader. By the next year, it is predicted to have 10% of the market share in a growing market.
Fashion should be classified as which of the following according to the BCG matrix.
(a) Star
(b) Dog
(c) Cash cow
(d) Question mark (2 Marks)
(C) Beta Company, a car manufacturer is buying up a supplier so that it gets a dedicated supplier with
both guaranteed quality and price. The material could be manufactured when required by Beta
Company leading to lower inventory levels. Which strategy has Beta Company adopted?
(a) Backward integration
(b) Forward integration
(c) Conglomerate diversification
(d) Horizontal integrated diversification (2 Marks)
(D) Developing vision and mission, identifying an organisation’s external opportunities and threats,
and determining internal strengths and weaknesses are:
(a) SBU planning
(b) Strategy formulation
6

(c) Strategy implementation
(d) Business process reengineering (2 Marks)
(E) As the head of an MNC, you have been asked to bring in radical changes in your organisation
through BPR. Which of these is the thrust area you would focus on reducing:
(a) Total cycle time
(b) Total order time
(c) Total inventory time
(d) None (2 Marks)
(F) Which of the following is correct?
(a) Strategy is always pragmatic and not flexible
(b) Strategy is not always perfect, flawless and optimal
(c) Strategy is always perfect, flawless and optimal
(d) Strategy is always flexible but not pragmatic (1 Mark)
(G) A corporation organized in network structure is often called
(a) Virtual organization
(b) Hierarchical organization
(c) Structured organization
(d) Simple organization (1 Mark)
2. X-Olympus is a gaming software company specializing in developing games for ZBox and GameStation-
4. The company is facing stiff competition due to saturation of market and price wars, which h as
excessively favor and highlight their dependence on gaming console manuf acturers. Thereby, the
company desires to establish a competitive advantage over industry rivals by enhancing the gaming
experience by expanding into Edge-Cloud Gaming Service on a monthly subscription basis. This service
offering does not require dedicated gaming consoles yet provide customers game streaming in 4K
resolution with an ample range of games to select from. This move is expected to insulate X -Olympus
from price wars and provide a competitive advantage. Identify and explain the generic strategies
adopted by X-Olympus? (5 Marks)
3. (a) "Strategy is partly proactive and partly reactive." Elaborate. (5 Marks)
(b) Examine the significance of KSFs (Key Success Factors) for competitive success. (5 Marks)
4. (a) Shri Alok Kumar is having his own medium size factory in Aligarh manufacturing hardware
consisting handles, hinges, tower bolts and so on. He has a staff of more than 220 in his
organisation. One of the leading brand of Hardware seller in India is rebrandi ng and selling the
material from his factory. Shri Alok Kumar, believes in close supervision and takes all major and
minor decisions in the organisation.
Do you think Shri Alok should take all decisions himself? What should be the nature of decisions
that should be taken by him. (5 Marks)
(b) How can management communicate that it is committed to creating a new culture assuming that
the old culture was problematic and not aligned with the company strategy? (5 Marks)

5. (a) Justify the statement "Stability strategy is opposite of Expansion strategy". (5 Marks)
(b) Explain the three major R & D approaches to implement strategic decisions. (5 Marks)
6. Distinguish between the following:
(a) Market Development and Product Development under Ansoff’s Product Market Growth Matrix.
(5 Marks)
(b) Distinguish between Strategy Formulation and Strategy Implementation. (5 Marks)

Test Series: March, 2021
MOCK TEST PAPER-I
INTERMEDIATE (IIPC): GROUP – II
ANSWERS
Part I: MULTIPLE CHOICE QUESTIONS (Answer 1-5 are based on case scenario)
1. (b) Automating Redundant processes
2. (b) Back up arrangement needs to be strong.
3. (c) Software as a Service
4. (b) Preventive control
5. (d) Existence of Configuration/customization in the application to perform NPA classification as per
relevant RBI guidelines.
6. (c) Access Token
7. (b) Business to Consumer e-Commerce
8. (b) Layering
9. (a) XBRL runs on XML technologies such as XML schema, and ensures that financial and non -
financial data is tagged to form a comparable reporting format.
10. (b) Vulnerability
Part II: Descriptive Answers
1. (a) The key features of a banking business are as follows:

• The custody of large volumes of monetary items, including cash and negotiable instruments,
whose physical security should be ensured.
• Dealing in large volume (in number, value and variety) of transactions.
• Operating through a wide network of branches and departments, which are geographically
dispersed.
• Increased possibility of frauds as banks directly deal with money making it mandatory for
banks to provide multi-point authentication checks and the highest level of information
security.
(b) The disadvantages of Database Management System are as follows:
♦ Cost: Implementing a DBMS in terms of both system and user-training can be
expensive and time-consuming, especially in large enterprises. Training requirements
alone can be quite costly.
♦ Security: Even with safeguards in place, it may be possible for some unauthorized
users to access the database. If one gets access to database, then it could be an all or
nothing proposition.
2. (a) The success of implementation of Enterprise Resource Planning (ERP) system majorly depends
upon issues related people, process and technology, however the risk related to other
implementation issues of ERP are as follows:

• Lengthy implementation time: ERP projects are lengthy that takes anywhere between 1 to
4 years depending upon the size of the organization. Due to technological developments
happening every day, the business and technological environment during the start and
completion of the project will never be the same. Employee turnover is another problem.
• Insufficient Funding: The budget for ERP implementation is generally allocated without
consulting experts and then implementation is stopped along the way, due to lack of funds.
• Data Safety: As there is only one set of data, if this data is lost, whole business may come
to stand still.
• Speed of Operation: As data is maintained centrally, gradually the data size becomes more
and more and it may reduce the speed of operation.
• System Failure: As everybody is connected to a single system and central database, in
case of failure of system, the whole business may come to stand still may get affected
badly.
• Data Access: Data is stored centrally and all the departments access the central data. This
creates a possibility of access to non-relevant data.
(b) The commercial laws applicable to e-commerce and m-commerce transactions are as
follows:
• Income Tax Act, 1961
• Companies Act, 2013
• Foreign Trade (Development and Regulation) Act, 1992
• The Factories Act, 1948
• The Customs Act, 1962
• The Goods and Services Tax (GST) Act, 2017
• Indian Contract Act, 1872
• The Competition Act, 2002
• Foreign Exchange Management Act (FEMA 1999)
• Consumer Protection Act, 1986
3. (a) The technical exposures that are used to protect unauthorized implementation of data and
software are as follows:
 Data Diddling: This involves the change of data before or after they entered the
system. A limited technical knowledge is required to data diddle and the worst part with
this is that it occurs before computer security can protect the data.
 Bomb: Bomb is a piece of bad code deliberately planted by an insider or supplier of a
program. An event, which is logical, triggers a bomb or time based. The bombs explode
when the conditions of explosion get fulfilled causing the damage immediately.
However, these programs cannot infect other programs. Since these programs do not
circulate by infecting other programs; chances of a widespread epidemic are relatively
low.
 Christmas Card: It is a well-known example of Trojan and was detected on internal E-
mail of IBM system. On typing the word ‘Christmas’, it will draw the Christmas tree as
2

expected, but in addition, it will send copies of similar output to all other users
connected to the network. Because of this message on other terminals, other users
cannot save their half-finished work.
 Worm: A worm does not require a host program like a Trojan to relocate itself. Thus, a
Worm program copies itself to another machine on the network. Since, worms are
stand-alone programs, and they can be detected easily in comparison to Trojans and
computer viruses. Examples of worms are Existential Worm, Alarm clock Worm etc. The
Alarm Clock worm places wake-up calls on a list of users. It passes through the network
to an outgoing terminal while the sole purpose of existential worm is to remain alive.
Existential worm does not cause damage to the system, but only copies itself to several
places in a computer network.
 Rounding Down: This refers to rounding of small fractions of a denomination and
transferring these small fractions into an authorized account. As the amount is small, it
gets rarely noticed.
 Salami Techniques: This involves slicing of small amounts of money from a
computerized transaction or account. A Salami technique is slightly different from a
rounding technique in the sense a fix amount is deducted. For example, in the rounding
off technique, Rs. 21,23,456.39 becomes Rs. 21,23,456.40, while in the Salami
technique the transaction amount Rs. 21,23,456.39 is truncated to either
Rs. 21,23,456.30 or Rs. 21,23,456.00, depending on the logic.
 Trap Doors: Trap doors allow insertion of specific logic such as program interrupts that
permit a review of data. They also permit insertion of unauthorized logic.
 Spoofing: A spoofing attack involves forging one’s source address. One machine is
used to impersonate the other in spoofing technique. Spoofing occurs only after a
particular machine has been identified as vulnerable. A penetrator makes the user think
that s/he is interacting with the operating system. For example, a penetrator duplicates
the login procedure, captures the user’s password, attempts for a system crash and
makes user login again.
(b) The technological risks related to Enterprise Resource Planning are as follows:
• Software Functionality: ERP systems offer a myriad of features and functions, however,
not all organizations require those many features. Implementing all the functionality and
features just for the sake of it can be disastrous for an organization.
• Technological Obsolescence: With the advent of more efficient technologies every day,
the ERP system also becomes obsolete as time goes on.
• Enhancement and Upgrades: ERP Systems are not upgraded and kept up-to-date.
Patches and upgrades are not installed and the tools are underutilised.
• Application Portfolio Management: These processes focus on the selection of new
business applications and the projects required delivering them.
4. (a) Various types of cards used as digital payment mode are as follows:
o Credit Cards: A small plastic card issued by a bank, or issuer etc., allowing the holder
to purchase goods or services on credit. It contains a unique number linked with an
account. It has also a magnetic strip embedded in it which is used to read credit card
via card readers. In this mode of payment, the buyer’s cash flow is not immediately

impacted. User of the card makes payment to card issuer at end of billing cycle. Credit
Card issuer charge customers per transactions / fixed amount as transaction fees.
o Debits Cards: Debit card, is also a small plastic card with a unique number linked with
bank account number. It is required to have a bank account before getting debit card
from bank. It enables cardholder to pay for his/her purchases directly through his/her
account. The major difference between debit card and credit card is that in case of
payment through debit card, amount gets deducted from card’s bank account
immediately and there should be sufficient balance in bank account for the transaction
to get completed; whereas in case of credit card there is no such compulsion.
o Smart Card: Smart card is a prepaid card similar to credit card and debit card in
appearance, but it has a small microprocessor chip embedded in it. It has capacity to
store customer’s personal information such as financial facts, private encryption keys,
credit card information, account information, and so on. Smart cards combine the
advantages of both debit card and credit card and are available to anyone, regardless
of credit ratings or income of applicant of smart card. Moreover, these are not linked to
any bank account. For this reason, smart card holder is not mandated to have a bank
account. It is also used to store money which is reduced as per usage. Mondex and
Visa Cash cards are examples of smart cards. The smart card holder has to load money
onto the card by paying cash or through transfer from his/her bank account. After
loading the money onto the card, the cardholder can use the card to spend money up to
the limit of loaded amount in the same way as using a credit or debit card. Once the
loaded amount is spent, the cardholder may reload money onto the card.
(b) The automation of the business processes is susceptible to challenges, which are as follows:
 Automating Redundant Processes: Sometimes organizations start off an automation
project by automating the processes they find suitable for automation without considering
whether such processes are necessary and create value. In other cases, some business
processes and tasks require high amount of tacit knowledge (that cannot be documented
and transferred from one person to another) and therefore seek employees to use their
personal judgment. These processes are generally not good candidates for automation as
these processes are hard to encode and automate.
 Defining Complex Processes: BPA requires reengineering of some business processes
that requires significant amount of time to be allocated and spent at this stage. This requires
a detailed understanding of the underlying business processes to develop an automated
process.
 Staff Resistance: In most cases, human factor issues are the main obstacle to the
acceptance of automated processes. Staff may see process automation as a way of
reducing their decision-making power. This is due to the reason that with automated
processes, the management has a greater visibility of the process and can make decisions
that used to be made by the staff earlier. Moreover, the staff may perceive automated
processes as threat to their jobs.
 Implementation Cost: The implementation of automated processes may be an expensive
proposition in terms of acquisition/development cost of automated systems and special skills
required to operate and maintain these systems.
5. (a) The various cyber-crime scenarios which can attract prosecution as per the penalties and
offences prescribed in Information Technology Act, 2000 that Mr Amar could have incorporated in
4

his advisory are as follows.
 Harassment via fake public profile on social networking site: A fake profile of a person
is created on a social networking site with the correct address, residential information or
contact details but he/she is labelled as ‘prostitute’ or a person of ‘loose character’. This
leads to harassment of the victim. Section 67 of the IT Act, 2000 is applicable here.
 Email Account Hacking: If victim’s email account is hacked and obscene emails are sent
to people in victim’s address book. Sections 43, 66, 66A, 66C, 67, 67A and 67B of IT Act,
2000 are applicable in this case.
 Credit Card Fraud: Unsuspecting victims would use infected computers to make online
transactions. Sections 43, 66, 66C, 66D of IT Act, 2000 are applicable in this case.
 Web Defacement: The homepage of a website is replaced with a pornographic or
defamatory page. Government sites generally face the wrath of hackers on symbolic days.
Sections 43 and 66 of IT Act and Sections 66F and 67 of IT Act, 2000 also apply in some
cases.
 Introducing Viruses, Worms, Backdoors, Rootkits, Trojans, and Bugs: All these are
some sort of malicious programs which are used to destroy or gain access to some
electronic information. Sections 43 and 66 of IT Act, 2000 are applicable in this case.
 Cyber Terrorism: Cyber terrorism is the terrorism conducted in cyberspace, where the
criminals attempt to damage or disrupt computer systems or telecommunication services.
Examples are hacking into computer systems, introducing viruses to vulnerable networks,
web site defacing, denial-of-service attacks, or terroristic threats made via electronic
communication. Many terrorists use virtual (Drive, FTP sites) and physical storage media
(USB’s, hard drives) for hiding information and records of their illicit business. Sections 43,
66, 66A of IT Act, 2000 are applicable in this case.
 Online sale of illegal Articles: Where sale of narcotics, drugs, weapons and wildlife is
facilitated by the Internet.
 Cyber Pornography: Among the largest businesses on Internet, pornography may not be
illegal in many countries, but child pornography is. Sections 67, 67A and 67B of the IT Act,
2000 are applicable in this case.
 Phishing and Email Scams: Phishing involves fraudulently acquiring sensitive information
through masquerading oneself as a trusted entity (e.g. usernames, Passwords, credit card
information). Sections 66, 66C and 66D of IT Act, 2000 are applicable in this case.
 Theft of Confidential Information: Many business organizations store their confidential
information in computer systems. This information is targeted by rivals, criminals and
disgruntled employees. Sections 43, 66 and 66B of IT Act, 2000 are applicable in this case.
 Source Code Theft: A Source code generally is the most coveted and important “crown
jewel” asset of a company. Sections 43, 65, 66 and 66B of IT Act, 2000 are applicable in
this case.
(b) The deployment and implementation of Core Banking System (CBS) should be controlled at
various stages to ensure that objective of DFK corporative bank are achieved. The detail is
as follows:
• Planning: Planning for implementing the CBS should be done as per strategic and business
objectives of bank.
5

• Approval: The decision to implement CBS requires high investment and recurring costs and
will impact how banking services are provided by the bank. Hence, the decision mu st be
approved by the board of directors.
• Selection: Although there are multiple vendors of CBS, each solution has key differentiators.
Hence, bank should select the right solution which is scalable and where different interfaces
are readily available considering various parameters as defined by the bank to meet their
specific requirements and business objectives.
• Design and develop or procured: CBS solutions used to be earlier developed in-house by
the bank. Currently, most of the CBS deployments are procured. There should be appropriate
controls covering the design or development or procurement of CBS for the bank.
• Testing: Extensive testing must be done before the CBS is live. The testing is to be done at
different phases at procurement stage to test suitability to data migration to ensure all existing
data is correctly migrated and testing to confirm processing of various types of transactions of
all modules produces the correct results.
• Implementation: CBS must be implemented as per pre-defined and agreed plan with specific
project milestones to ensure successful implementation.
• Maintenance: CBS must be maintained as required. E.g. program bugs fixed, version
changes implemented, etc.
• Support: CBS must be supported to ensure that it is working effectively.
• Updation: CBS modules must be updated based on requirements of business processes,
technology updates and regulatory requirements;
• Audit: Audit of CBS must be done internally and externally as required to ensure that controls
are working as envisaged.

1. (A)
(1) (2) (3) (4) (5)
(d) (b) (c) (d) (c)
(B) (a)
(C) (a)
(D) (b)
(E) (a)
(F) (b)
(G) (a)
2. According to Porter, strategies allow organizations to gain competitive advantage from three different bases:
cost leadership, differentiation, and focus. Porter called these base generic strategies.
X-Olympus is facing cutthroat competition due to saturation of market and price wars as there is no clear
leader out of the numerous competitors. For this, the strategy adopted by X-Olympus is Product
Differentiation by introducing a unique product to cater the customer needs at a lesser cost which would
insulate it from the fierce competition and never-ending price wars.
3. (a) Yes, strategy is partly proactive and partly reactive. In proactive strategy, organisations will analyse
possible environmental scenarios and create strategic framework after proper pla nning and set
procedures and work on these strategies in a pre-determined manner. However, in reality no
company can forecast both internal and external environment exactly. Everything cannot be
planned in advance. It is not possible to anticipate moves of rival firms, consumer behaviour,
evolving technologies and so on.
There can be significant deviations between what was visualised and what actually happens. There
can be significant or major strategic changes when the environment demands. Reactive strateg y
is triggered by the changes in the environment and provides ways and means to cope with the
negative factors or take advantage of emerging opportunities.
(b) As industry’s Key Success Factors (KSFs) are those things that most affect industry members’
ability to prosper in the market place – the particular strategy elements, product attributes,
resources, competencies, competitive capabilities and business outcomes that spell the difference
between profit & loss and ultimately, between competitive success or failure. KSFs by their very
nature are so important that all firms in the industry must pay close attention to them. They are the
prerequisites for industry success, or, to put it in another way, KSFs are the rules that shape
whether a company will be financially and competitively successful.
4. (a) Decision making is a managerial process of selecting the best course of action out of several
alternative courses for the purpose of accomplishment of the organisational goals. Decisions may
be operational, i.e., which relate to general day-to-day operations. They may also be strategic in
nature.
As owner manager at the top level in the company, Shri Alok Kumar should concentrate on strategic
decisions. These are higher level decisions having organisation wide implications. The major
dimensions of strategic decisions are as follows:

 Strategic decisions require top-management involvement as they involve thinking in totality of the
organisation.
 Strategic decisions involve significant commitment of organisational resources.
 Strategic decisions necessitate consideration of factors in the firm’s external environment.
 Strategic decisions are likely to have a significant impact on the long-term prosperity of the firm.
 Strategic decisions are future oriented.
 Strategic decisions usually have major multifunctional or multi-business consequences.
(b) Corporate culture refers to company’s values, beliefs, business principles, traditions, ways of
operating and internal work environment. Changing problem cultures is very difficult because of
deeply held values and habits. It takes concerted management action over a period of time to
replace an unhealthy culture with a healthy culture or to root out certain unwanted cultural obstacles
and instil ones that are more strategy-supportive.
 The first step is to diagnose which facets of the present culture are str ategy supportive and
which are not.
 Then, managers have to talk openly and forthrightly to all concerned about those aspects of
the culture that have to be changed.
 The talk has to be followed swiftly by visible, aggressive actions to modify the culture -actions
that everyone will understand are intended to establish a new culture more in tune with the
strategy.
Management through communication has to create a shared vision to manage changes. The menu
of culture-changing actions includes revising policies and procedures, altering incentive
compensation, shifting budgetary allocations for substantial resources to new strategy projects,
recruiting and hiring new managers and employees, replacing key executives, communication on
need and benefit to employees and so on.
5. (a) Stability strategies, as name suggests, are intended to safeguard the existing interests and
strengths of business. It involves organisations to pursue established and tested objectives,
continue on the chosen path, maintain operational efficiency and so on. A stability strategy is
pursued when a firm continues to serve in the same or similar markets and deals in same products
and services. In stability strategy, few functional changes are made in the products or markets,
however, it is not a ‘do nothing’ strategy. This strategy is typical for mature business organizations.
Some small organizations also frequently use stability as a strategic focus to maintain comfortable
market or profit position.
On the other hand, expansion strategy is aggressive strategy as it involves redefining the business
by adding the scope of business substantially, increasing efforts of the current business. In this
sense, it becomes opposite to stability strategy. Expansion is a promising and popular strategy that
tends to be equated with dynamism, vigor, promise and success. Expansion also includes
diversifying, acquiring and merging businesses. This strategy may take the enterprise along
relatively unknown and risky paths, full of promises and pitfalls.
(b) There are at least three major R&D approaches for implementing strategies.
i. Be the leader: The first strategy is to be the first firm to market new technological products. This
is a glamorous and exciting strategy but also a dangerous one. Firms such as 3M and General
Electric have been successful with this approach, but many other pioneering firms have fallen,
with rival firms seizing the initiative.

ii. Be an innovative imitator: A second R&D approach is to be an innovative imitator of successful
products, thus minimizing the risks and costs of startup. This approach entails allowing a pioneer
firm to develop the first version of the new product and to demonstrate that a market exists. Then,
laggard firms develop a similar product. This strategy requires excellent R&D personnel and an
excellent marketing department.
iii. Be a low cost producer: A third R&D strategy is to be a low-cost producer by mass-producing
products similar to but less expensive than products recently introduced. As a new product
accepted by customers, price becomes increasingly important in the buying decision. Also, mass
marketing replaces personal selling as the dominant selling strategy. This R&D strategy requires
substantial investment in plant and equipment, but fewer expenditures in R&D than the two
approaches described earlier.
6. (a) Following are the differences between the market development and product development:
Market Development Product Development
• Meaning • Meaning
It refers to a growth strategy where the It refers to a growth strategy where business
business seeks to sell its existing products into aims to introduce new products into existing
new markets. It is a strategy for company markets. It is a strategy for company growth by
growth by identifying and developing new offering modified or new products to current
markets for current company products. markets.
• Strategy Application • Strategy Application
It may be achieved through new geographical It is for company’s growth and requires the
markets, new product dimensions or development of new competencies and the
packaging, new distribution channels or business to develop modified products which
different pricing policies to attract different can appeal to existing markets.
customers or create new market segments.
(b) Although inextricably linked, strategy implementation is fundamentally different from strategy
formulation in the following ways:
Strategy Formulation Strategy Implementation
 Strategy formulation focuses on  Strategy implementation focuses on
effectiveness. efficiency.
 Strategy formulation is primarily an  Strategy implementation is primarily an
intellectual process. operational process.
 Strategy formulation requires conceptual  Strategy implementation requires
intuitive and analytical skills. motivation and leadership skills.
 Strategy formulation requires coordination  Strategy implementation requires
among the executives at the top level. coordination among the executives at the
middle and lower levels.

© The Institute of Chartered Accountants of India

Uploaded by

Copyright:

Available Formats

© The Institute of Chartered Accountants of India

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

© The Institute of Chartered Accountants of India

Uploaded by

Copyright:

Available Formats

© The Institute of Chartered Accountants of India